X.Org Xserver vulnerabilities

6 known vulnerabilities affecting x.org/xserver.

Total CVEs: 6
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 3

Vulnerabilities

CVE-2007-6429 | CRITICAL | CVSS 9.3 | ≤ 1.4 | 2008-01-18
CVE-2007-6429 [CRITICAL] CWE-189: Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used
nvd
CVE-2007-5760 | CRITICAL | CVSS 9.3 | ≤ 1.4 | 2008-01-18
CVE-2007-5760 [CRITICAL]: Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.
nvd
CVE-2008-0006 | HIGH | CVSS 7.5 | ≤ 1.4 | 2008-01-18
CVE-2008-0006 [HIGH] CWE-119: Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
nvd
CVE-2007-5958 | MEDIUM | CVSS 5.0 | PoC | ≤ 1.4 | 2008-01-18
CVE-2007-5958 [MEDIUM] CWE-200: X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
nvd
CVE-2007-6428 | MEDIUM | CVSS 5.0 | ≤ 1.4 | 2008-01-18
CVE-2007-6428 [MEDIUM]: The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.
nvd
CVE-2007-2437 | MEDIUM | CVSS 5.5 | PoC | ≤ 1.3.0 | 2007-05-02
CVE-2007-2437 [MEDIUM]: The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.
nvd