X.Org X11 Multiple Function Integer Overflow and Local Privilege Escalation Vulnerabilities
Title : X.Org X11 Multiple Function Integer Overflow and Local Privilege Escalation Vulnerabilities
VUPEN ID : VUPEN/ADV-2007-1217
CVE ID : CVE-2007-1003 - CVE-2007-1351 - CVE-2007-1352 - CVE-2007-1667
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-04-03
Technical Description
Multiple vulnerabilities have been identified in X.Org X11, which could be exploited by attackers to execute arbitrary commands or cause a denial of service.
The first issue is due to an integer overflow error in the XC-MISC extension when processing specially crafted values via the "ProcXCMiscGetXIDList()" [Xext/xcmisc.c] function, which could be exploited by a malicious authorized client to crash or compromise an affected server.
The second vulnerability is due to integer overflow errors in the "bdfReadCharacters()" [bitmap/bdfread.c] and "FontFileInitTable()" [fontfile/fontdir.c] functions when processing malformed BDF fonts or "fonts.dir" font information files, which could be exploited by malicious users to crash or compromise an affected server.
The third vulnerability is due to integer overflow errors in the "XGetPixel()" and "XInitImage()" [ImUtil.c] functions when processing malformed images, which could be exploited by attackers to crash an application linked against the affected function or potentially execute arbitrary commands.
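The advisory does not show the affected code. As an added illustration of this bug class (not X.Org code and not taken from the advisory), the C example below assumes the common case where a buffer size is computed as a client-supplied count times an element size in 32-bit arithmetic, and places the unchecked computation beside a checked one. The names xid_t, unchecked_size32, checked_size32 and alloc_id_list and the sample count are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a 32-bit resource identifier. */
typedef uint32_t xid_t;

/* Unchecked: the product is reduced modulo 2^32, so a very large
 * count produces a very small byte size. */
uint32_t unchecked_size32(uint32_t count)
{
    return count * (uint32_t)sizeof(xid_t);
}

/* Checked: returns 0 and stores count * elem in *out, or -1 when the
 * product would not fit in 32 bits. */
int checked_size32(uint32_t count, uint32_t elem, uint32_t *out)
{
    if (elem != 0 && count > UINT32_MAX / elem)
        return -1;
    *out = count * elem;
    return 0;
}

/* Allocate a list for a client-supplied count; NULL means the
 * request was rejected (zero count or oversized) or allocation failed. */
xid_t *alloc_id_list(uint32_t count)
{
    uint32_t bytes;

    if (count == 0 ||
        checked_size32(count, (uint32_t)sizeof(xid_t), &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    uint32_t count = 0x40000001u;   /* constructed sample value */
    xid_t *list = alloc_id_list(count);

    printf("unchecked size for count %u: %u bytes\n",
           (unsigned)count, (unsigned)unchecked_size32(count));
    printf("checked allocation: %s\n", list ? "accepted" : "rejected");
    free(list);
    return 0;
}
```

With the unchecked form, a loop that later writes `count` elements would run far past the few bytes actually allocated; the checked form rejects the request before any allocation happens.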