CVE-2007-4730

Name: CVE-2007-4730
Description: Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-1372-1, DTSA-73-1

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| xorg-server (PTS) | bullseye | 2:1.20.11-1+deb11u13 | fixed |
| | bullseye (security) | 2:1.20.11-1+deb11u17 | fixed |
| | bookworm | 2:21.1.7-3+deb12u10 | fixed |
| | bookworm (security) | 2:21.1.7-3+deb12u11 | fixed |
| | trixie (security), trixie | 2:21.1.16-1.3+deb13u1 | fixed |
| | forky, sid | 2:21.1.21-1 | fixed |

The information below is based on the following data on fixed versions.

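| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| xorg-server | source | etch | 2:1.1.1-21etch1 | | DSA-1372-1 | |
| xorg-server | source | lenny | 2:1.3.0.0.dfsg-12lenny1 | | DTSA-73-1 | |
| xorg-server | source | (unstable) | 2:1.4-1 | | | |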

Notes

XFree86 is not affected
