CVE-2007-4730

NameCVE-2007-4730
DescriptionBuffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1372-1, DTSA-73-1
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xorg-server (PTS)stretch2:1.19.2-1+deb9u5fixed
stretch (security)2:1.19.2-1+deb9u8fixed
buster, buster (security)2:1.20.4-1+deb10u3fixed
bullseye2:1.20.11-1fixed
bookworm, sid2:1.20.13-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xorg-serversourceetch2:1.1.1-21etch1DSA-1372-1
xorg-serversourcelenny2:1.3.0.0.dfsg-12lenny1DTSA-73-1
xorg-serversource(unstable)2:1.4-1

Notes

XFree86 is not affected

Search for package or bug name: Reporting problems