CVE-2007-6427 — Out-of-bounds Write in Apple MAC OS X

CWE-787 — Out-of-bounds Write8 documents8 sources

Severity

9.3CRITICALNVD

CNA7.5OSV7.5

EPSS

4.2%

top 11.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server Apple MAC OS X X.org X Server +8 more

Timeline

PublishedJan 18

Latest updateMay 1

Description

The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages8 packages

▶NVDx.org/x_server< 1.4.1

▶NVDapple/mac_os_x10.5.0 — 10.5.2+1

▶Debianx.org/xorg-server< 2:1.4.1~git20080105-2+3

▶NVDsuse/linux10.1

▶NVDopensuse/opensuse10.2, 10.3+1

Also affects: Debian Linux 3.1, 4.0, Fedora 7, 8, Ubuntu Linux 6.06, 6.10, 7.04, 7.10

Patches

Patch: bugs.gentoo.org ↗Patch: www.securityfocus.com ↗Patch: bugs.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-r7g2-76rh-rjm8: The XInput extension in X↗2022-05-01

▶

OSV

CVE-2007-6427: The XInput extension in X↗2008-01-18

▶

CVEList

CVE-2007-6427: The XInput extension in X↗2008-01-18

▶

📋Vendor Advisories

Ubuntu

X.org vulnerabilities↗2008-01-18

▶

Red Hat

xfree86: memory corruption via XInput extension↗2008-01-17

▶

Debian

CVE-2007-6427: xorg-server - The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent atta...↗2007

▶

💬Community

Bugzilla

CVE-2007-6427 xorg / xfree86: memory corruption via XInput extension↗2007-12-06

▶