CVE-2007-4568

Description

Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.

Category

6.8
CVSS
Severity: Medium
CVSS 2.0 •
EPSS 24.07% Top 5%
Vendor Advisory novell.com Vendor Advisory sun.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory apple.com Vendor Advisory debian.org Vendor Advisory gentoo.org Vendor Advisory redhat.com Vendor Advisory sun.com Vendor Advisory mandriva.com Vendor Advisory apple.com
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
http://www.novell.com/linux/security/advisories/2007_54_xorg.html vendor advisory
http://www.securitytracker.com/id?1018763 vdb entry
http://secunia.com/advisories/28542 third party advisory
http://docs.info.apple.com/article.html?artnum=307430
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200642-1 vendor advisory
http://secunia.com/advisories/28891 third party advisory
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html vendor advisory
http://www.securityfocus.com/archive/1/481432/100/0/threaded mailing list
http://secunia.com/advisories/27052 third party advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602 third party advisory patch
http://www.vupen.com/english/advisories/2008/0495/references vdb entry
http://secunia.com/advisories/27060 third party advisory
http://www.vupen.com/english/advisories/2008/0924/references vdb entry
http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html patch mailing list
http://www.redhat.com/support/errata/RHSA-2008-0029.html vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/36919 vdb entry
http://secunia.com/advisories/28004 third party advisory
http://secunia.com/advisories/27240 third party advisory
http://secunia.com/advisories/27168 third party advisory
https://issues.rpath.com/browse/RPL-1756
http://secunia.com/advisories/29420 third party advisory
http://secunia.com/advisories/27040 third party advisory
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html vendor advisory
http://secunia.com/advisories/27176 third party advisory
http://www.debian.org/security/2007/dsa-1385 vendor advisory
http://security.gentoo.org/glsa/glsa-200710-11.xml vendor advisory
http://secunia.com/advisories/27228 third party advisory
http://www.vupen.com/english/advisories/2007/3467 vdb entry
http://www.redhat.com/support/errata/RHSA-2008-0030.html vendor advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103114-1 vendor advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:210 vendor advisory
http://www.securityfocus.com/bid/25898 vdb entry
http://bugs.gentoo.org/show_bug.cgi?id=194606
http://www.us-cert.gov/cas/techalerts/TA08-043B.html third party advisory us government resource
http://www.vupen.com/english/advisories/2007/3338 vdb entry
http://secunia.com/advisories/27560 third party advisory
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10882 signature vdb entry
http://www.vupen.com/english/advisories/2007/3337 vdb entry
http://secunia.com/advisories/28536 third party advisory
http://bugs.freedesktop.org/show_bug.cgi?id=12298

Frequently Asked Questions

What is the severity of CVE-2007-4568?
CVE-2007-4568 has been scored as a medium severity vulnerability.
How to fix CVE-2007-4568?
To fix CVE-2007-4568, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2007-4568 being actively exploited in the wild?
It is possible that CVE-2007-4568 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~24% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.