CVE-2007-4730

Name: CVE-2007-4730
Description: Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-1372-1, DTSA-73-1
NVD severity: medium (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| xorg-server (PTS) | wheezy | 2:1.12.4-6+deb7u6 | fixed |
| | wheezy (security) | 2:1.12.4-6+deb7u7 | fixed |
| | jessie | 2:1.16.4-1+deb8u1 | fixed |
| | jessie (security) | 2:1.16.4-1+deb8u2 | fixed |
| | stretch | 2:1.19.2-1+deb9u1 | fixed |
| | stretch (security) | 2:1.19.2-1+deb9u2 | fixed |
| | buster, sid | 2:1.19.5-1 | fixed |

The information below is based on the following data on fixed versions.

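| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| xorg-server | source | (unstable) | 2:1.4-1 | medium | | |
| xorg-server | source | etch | 2:1.1.1-21etch1 | medium | DSA-1372-1 | |
| xorg-server | source | lenny | 2:1.3.0.0.dfsg-12lenny1 | medium | DTSA-73-1 | |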

Notes

XFree86 is not affected
