CVE-2007-4730
xorg-server - buffer overflow
EPSS 0.10%
Description
Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.
How to fix CVE-2007-4730
To remediate CVE-2007-4730, upgrade the affected package to one of the fixed versions listed below.
- Debian/xorg-server—upgrade to 2:1.4-1 or later
- Debian/xorg-server—upgrade to 2:1.1.1-21etch1 or later
- Debian/xorg-server—upgrade to 2:1.3.0.0.dfsg-12lenny1 or later
Is CVE-2007-4730 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- Debian/xorg-server: from 0, < 2:1.4-1
- Debian/xorg-server: from 0, < 2:1.1.1-21etch1
- Debian/xorg-server: from 0, < 2:1.3.0.0.dfsg-12lenny1