PT-2008-6887 · X.Org+2 · Libxmu6+37
Published: 1970-01-01 · Updated: 2024-06-15
CVE-2007-6429
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
xorg-server versions prior to 1.4.1
x-window-system (affected versions not specified)
libxfont1 (affected versions not specified)
libxaw6 (affected versions not specified)
xlibs (affected versions not specified)
libxrandr2 (affected versions not specified)
xlibmesa3 (affected versions not specified)
libdps1 (affected versions not specified)
libxtst6 (affected versions not specified)
libxmu6 (affected versions not specified)
libxv1 (affected versions not specified)
libxtrap6 (affected versions not specified)
libsm6 (affected versions not specified)
libxi6 (affected versions not specified)
libxp6 (affected versions not specified)
xfonts-75dpi (affected versions not specified)
xfonts-100dpi (affected versions not specified)
xfonts-base (affected versions not specified)
xfonts-scalable (affected versions not specified)
xfwp (affected versions not specified)
xmh (affected versions not specified)
xnest (affected versions not specified)
xspecs (affected versions not specified)
xfs (affected versions not specified)
lbxproxy (affected versions not specified)
xdmx (affected versions not specified)
xvfb (affected versions not specified)
xlibmesa-glu (affected versions not specified)
xlibmesa-dri (affected versions not specified)
libxft1 (affected versions not specified)
libxpm4 (affected versions not specified)
libxaw7 (affected versions not specified)
libxext6 (affected versions not specified)
libxt6 (affected versions not specified)
libx11-6 (affected versions not specified)
libxmuu1 (affected versions not specified)
Description
Multiple integer overflows in X.Org Xserver allow context-dependent attackers to execute arbitrary code via a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension. The vulnerabilities can be exploited remotely.
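The first flaw class in the description, a 32-bit value from a request multiplied into an allocation size, shown beside a checked form. This is an added example, not X.Org code and not part of this advisory; the `item_info` record, the function names and the 1 MiB limit are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 24-byte per-item reply record; not the X server's real layout. */
typedef struct {
    uint32_t visual_id;
    uint16_t screen;
    uint16_t level;
    uint32_t conflicts[4];
} item_info;

/* Flawed pattern: the product is computed in 32 bits and silently wraps,
 * so a huge client-supplied count yields a tiny allocation size. */
static uint32_t unchecked_size(uint32_t n_items) {
    return n_items * (uint32_t)sizeof(item_info);
}

/* Hardened pattern: reject the count before multiplying. Dividing the limit
 * by the record size cannot overflow. Returns 0 and sets *out on success. */
static int checked_size(uint32_t n_items, size_t limit, size_t *out) {
    if (n_items == 0 || n_items > limit / sizeof(item_info))
        return -1;
    *out = (size_t)n_items * sizeof(item_info);
    return 0;
}

/* Allocate only when the size check passes; NULL means "reject the request". */
static item_info *alloc_items(uint32_t n_items, size_t limit) {
    size_t bytes;
    if (checked_size(n_items, limit, &bytes) != 0)
        return NULL;
    return calloc(1, bytes);
}

int main(void) {
    uint32_t hostile = 0x0AAAAAABu;   /* constructed count: 24 * n = 2^32 + 8 */
    size_t limit = (size_t)1 << 20;   /* hypothetical 1 MiB per-request cap */
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_size(hostile));
    item_info *p = alloc_items(hostile, limit);
    printf("checked alloc: %s\n", p ? "allowed" : "rejected");
    free(p);
    return 0;
}
```

The unchecked form sizes the buffer at 8 bytes for a count of roughly 179 million items, which is the mismatch that later writes turn into memory corruption; the checked form refuses the request before any allocation happens.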
Recommendations
As a temporary workaround, consider disabling the GetVisualInfo request and the MIT-SHM extension until a patch is available.
Restrict access to the X.Org Xserver to minimize the risk of exploitation.
Avoid using the xorg-server package until a fixed version is available.
For xorg-server versions prior to 1.4.1, update to version 1.4.1 or later.
At the moment, there is no information about a newer version that contains a fix for this vulnerability for the other affected packages.
Fix
Buffer Overflow
Race Condition
Memory Corruption
Affected Products
Hp-Ux
Red Hat
Lbxproxy
Libdps1
Libsm6
Libx11-6
Libxaw6
Libxaw7
Libxext6
Libxfont1
Libxft1
Libxi6
Libxmu6
Libxmuu1
Libxp6
Libxpm4
Libxrandr2
Libxt6
Libxtrap6
Libxtst6
Libxv1
X-Window-System
Xdmx
Xfonts-100Dpi
Xfonts-75Dpi
Xfonts-Base
Xfonts-Scalable
Xfs
Xfwp
Xlibmesa-Dri
Xlibmesa-Glu
Xlibmesa3
Xlibs
Xmh
Xnest
Xorg-Server
Xspecs
Xvfb