Upstream information

CVE-2007-4568 at MITRE

Description

Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	Partial

SUSE Bugzilla entries: 308064 [RESOLVED / FIXED], 308066 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SA:2007:054, published Fri, 12 Oct 2007 16:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Server 11 SP1	`xorg-x11 >= 7.4-9.24.15` `xorg-x11-xauth >= 7.4-9.24.15`	Patchnames: SUSE Linux Enterprise Server 11 SP1 GA xorg-x11-7.4-9.24.15
SUSE Linux Enterprise Server 11 SP2	`xorg-x11 >= 7.4-9.47.1` `xorg-x11-xauth >= 7.4-9.47.1`	Patchnames: SUSE Linux Enterprise Server 11 SP2 GA xorg-x11-7.4-9.47.1
SUSE Linux Enterprise Server 11 SP3	`xorg-x11 >= 7.4-9.62.46` `xorg-x11-xauth >= 7.4-9.62.46`	Patchnames: SUSE Linux Enterprise Server 11 SP3 GA xorg-x11-7.4-9.62.46
SUSE Linux Enterprise Server 11 SP4	`xorg-x11 >= 7.4-9.65.46` `xorg-x11-xauth >= 7.4-9.65.46`	Patchnames: SUSE Linux Enterprise Server 11 SP4 GA xorg-x11-7.4-9.65.46
openSUSE Tumbleweed	`xorg-x11 >= 7.6_1-16.13` `xorg-x11-essentials >= 7.6_1-16.13`	Patchnames: openSUSE-Tumbleweed-2024-11524

SUSE Timeline for this CVE

CVE page created: Tue Jul 9 15:58:20 2013
CVE page last modified: Tue Sep 3 18:12:18 2024