CVE-2007-4730

NameCVE-2007-4730
DescriptionBuffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1372-1, DTSA-73-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xorg-server (PTS)bullseye2:1.20.11-1+deb11u13fixed
bullseye (security)2:1.20.11-1+deb11u15fixed
bookworm, bookworm (security)2:21.1.7-3+deb12u9fixed
sid, trixie2:21.1.16-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xorg-serversourceetch2:1.1.1-21etch1DSA-1372-1
xorg-serversourcelenny2:1.3.0.0.dfsg-12lenny1DTSA-73-1
xorg-serversource(unstable)2:1.4-1

Notes

XFree86 is not affected
Search for package or bug name: Reporting problems