PT-2007-1098
Published: 2007-10-05 · Updated: 2024-06-15
CVE-2007-4568
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
X.Org X Font Server (xfs) versions prior to 1.0.5
Gentoo Linux xfs package versions prior to 1.0.5
Description:
The issue is an integer overflow in the build_range function of xfs. Crafted size values in QueryXBitmaps and QueryXExtents protocol requests cause the computed buffer size to wrap, which triggers a heap-based buffer overflow and allows context-dependent attackers to execute arbitrary code. The xfs package is also affected by several further vulnerabilities that can compromise the confidentiality, integrity, and availability of protected information and can be exploited remotely.
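The bug class described above, as an added example in C that is not xfs code: a constructed range record and a hypothetical request layout (4-byte host-order count followed by the ranges, not the X font server's actual structures) with the unchecked size computation beside a checked one that rejects a count whose byte size wraps or exceeds the packet.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for a range record; not the real xfs structure. */
typedef struct { uint16_t min_char; uint16_t max_char; } range_t;
/* Unchecked size computation, the bug class in the record: a crafted count wraps
   the 32-bit byte size, so the heap buffer is far smaller than the data copied in. */
uint32_t unchecked_alloc_size(uint32_t count) {
    return count * (uint32_t)sizeof(range_t);
}

/* Checked version: returns 0 to reject a zero, unrepresentable or oversized count. */
size_t checked_alloc_size(uint32_t count, size_t max_bytes) {
    if (count == 0 || count > SIZE_MAX / sizeof(range_t)) return 0;
    size_t bytes = (size_t)count * sizeof(range_t);
    return bytes > max_bytes ? 0 : bytes;
}

/* Hypothetical layout: 4-byte host-order count, then count ranges; copy only after checks. */
range_t *build_range_checked(const uint8_t *req, size_t req_len, uint32_t *out_count) {
    uint32_t count;
    if (req_len < 4) return NULL;
    memcpy(&count, req, 4);
    size_t bytes = checked_alloc_size(count, 64 * 1024);
    if (bytes == 0 || req_len - 4 < bytes) return NULL; /* data must also fit the packet */
    range_t *ranges = malloc(bytes);
    if (ranges == NULL) return NULL;
    memcpy(ranges, req + 4, bytes);
    *out_count = count;
    return ranges;
}

/* Constructed sample requests (not captured traffic): a valid count of 2, then a count whose byte size wraps to 4. */
int sample_valid_request_accepted(void) {
    uint32_t count = 2, n = 0;
    range_t r[2] = { {0x20, 0x7e}, {0xa0, 0xff} };
    uint8_t req[4 + sizeof r];
    memcpy(req, &count, 4); memcpy(req + 4, r, sizeof r);
    range_t *out = build_range_checked(req, sizeof req, &n);
    int ok = out != NULL && n == 2 && out[1].max_char == 0xff;
    free(out);
    return ok;
}
int sample_wrapped_count_rejected(void) {
    uint32_t count = 0x40000001u, n = 0; /* 0x40000001 * 4 wraps to 4 in 32 bits */
    uint8_t req[12] = {0};
    memcpy(req, &count, 4);
    return build_range_checked(req, sizeof req, &n) == NULL;
}
```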
Recommendations:
For X.Org X Font Server (xfs) versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue.
For Gentoo Linux xfs package versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue.
As a temporary workaround, consider restricting access to the QueryXBitmaps and QueryXExtents protocol requests until a patch is available.
Fix
Buffer Overflow
Link Following
Related Identifiers
Affected Products
Gentoo Linux
Red Hat
X.Org X Font Server