Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| X.org | X.org | 6.8.2 (including) | 6.8.2 (including) |
| X.org | X.org | 6.9.0 (including) | 6.9.0 (including) |
| X.org | X.org | 7.0 (including) | 7.0 (including) |
| X.org | X.org | 7.1 (including) | 7.1 (including) |
| Xfree86 | Xfree86_project | * | * |
| Red Hat Enterprise Linux 2.1 | RedHat | XFree86-0:4.1.0-78.EL | * |
| Red Hat Enterprise Linux 3 | RedHat | XFree86-0:4.3.0-115.EL | * |
| Red Hat Enterprise Linux 4 | RedHat | xorg-x11-0:6.8.2-1.EL.13.37.5 | * |
| Xorg-server | Ubuntu | dapper | * |
| Xorg-server | Ubuntu | devel | * |
| Xorg-server | Ubuntu | edgy | * |
| Xorg-server | Ubuntu | feisty | * |