CVE-2007-4730

NameCVE-2007-4730
DescriptionBuffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1372-1, DTSA-73-1
NVD severitymedium (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xorg-server (PTS)jessie (security), jessie2:1.16.4-1+deb8u2fixed
stretch (security), stretch2:1.19.2-1+deb9u2fixed
buster2:1.19.6-1fixed
sid2:1.20.0-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xorg-serversource(unstable)2:1.4-1medium
xorg-serversourceetch2:1.1.1-21etch1mediumDSA-1372-1
xorg-serversourcelenny2:1.3.0.0.dfsg-12lenny1mediumDTSA-73-1

Notes

XFree86 is not affected

Search for package or bug name: Reporting problems