CVE-2007-1003

Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.

🔗 References (86)

• secalert@redhathttp://issues.foresightlinux.org/browse/FL-223
• secalert@redhathttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=503
• secalert@redhathttp://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
• secalert@redhathttp://rhn.redhat.com/errata/RHSA-2007-0125.html
• secalert@redhathttp://secunia.com/advisories/24741
• secalert@redhathttp://secunia.com/advisories/24745
• secalert@redhathttp://secunia.com/advisories/24756
• secalert@redhathttp://secunia.com/advisories/24758
• secalert@redhathttp://secunia.com/advisories/24765
• secalert@redhathttp://secunia.com/advisories/24770
• secalert@redhathttp://secunia.com/advisories/24771
• secalert@redhathttp://secunia.com/advisories/24772
• secalert@redhathttp://secunia.com/advisories/24791
• secalert@redhathttp://secunia.com/advisories/25004