CVE-2007-4730

xorg-server - Buffer Overflow in Composite Extension via Pixmap Depth Mismatch

Title source: llm
STIX 2.1

Description

Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.

References (30)

Core 30
Core References
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_54_xorg.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:178
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37726
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26823
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1728
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200710-16.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26859
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27147
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0898.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:022
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25606
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-514-1
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26743
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27228
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30161
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36535
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018665
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0187
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26897
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26755
Various Sources x_refsource_confirm
http://bugs.freedesktop.org/show_bug.cgi?id=7447
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26763
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10430
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27179
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=191964
Patch vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1372
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3098

Scores

EPSS 0.0051
EPSS Percentile 40.2%

Details

CWE
CWE-119
Status published
Products (5)
x.org/xorg-server 1.01
x.org/xorg-server 1.1
x.org/xorg-server 1.02
x.org/xorg-server 1.2
x.org/xorg-server 1.3
Published Sep 11, 2007
Tracked Since Feb 18, 2026