CVE-2007-1003
xfree86
EPSS 8.0%
Description
Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.
How to fix CVE-2007-1003
To remediate CVE-2007-1003, upgrade the affected package to one of the fixed versions listed below.
- Debian/xfree86—upgrade to 4.3.0.dfsg.1-14sarge4 or later
- Debian/xorg-server—upgrade to 2:1.1.1-21 or later
Is CVE-2007-1003 being exploited?
Moderate: EPSS is 8.0%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/xfree86: from 0, < 4.3.0.dfsg.1-14sarge4
- Debian/xorg-server: from 0, < 2:1.1.1-21