Info

Last Modified

about 1 year ago

Percent Complete

Disclosure

Sep 06, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

This Entry needs help! It is only 5% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Description

(Description Provided by CVE) : Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.

Classification

Attack Type: Input Manipulation

Products

Unknown or Incomplete

References

Security Tracker: 1018665
CVE ID: 2007-4730 (see also: NVD)
Bugtraq ID: 25606
Secunia Advisory ID: 26743 26755 26755 26763 26763 26823 26823 26859 26859 26897 26897 27147 27179 27228 30161
SCIP VulDB ID: 3299
ISS X-Force ID: 36535
VUPEN Advisory: ADV-2007-3098
Vendor Specific News/Changelog Entry: http://bugs.freedesktop.org/show_bug.cgi?id=7447
Other Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:178
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00134.html
http://lists.freedesktop.org/archives/xorg-announce/2007-September/000378.html
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00001.html
http://lists.rpath.com/pipermail/security-announce/2007-September/000243.html
http://support.avaya.com/elmodocs2/security/ASA-2007-394.htm
http://www.debian.org/security/2007/dsa-1372
http://www.gentoo.org/security/en/glsa/glsa-200710-16.xml
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:178
http://www.ubuntu.com/usn/usn-514-1
https://issues.rpath.com/browse/RPL-1728
Mail List Post: http://lists.freedesktop.org/archives/xorg-announce/2007-September/000378.html
RedHat RHSA: RHSA-2007:0898

Tools & Filters

	26033 26045 26111 27051 28119 29603

Credit

Unknown or Incomplete

CVSSv2 Score

CVSSv2 Base Score = 4.3
Source: nvd.nist.gov | Generated: 2007-09-12 | Disagree?

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.