Unrated severityNVD Advisory· Published Jun 16, 2008· Updated Apr 23, 2026
CVE-2008-1377
CVE-2008-1377
Description
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
49- lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.htmlnvdPatch
- rhn.redhat.com/errata/RHSA-2008-0502.htmlnvdPatch
- www.debian.org/security/2008/dsa-1595nvdPatch
- www.ubuntu.com/usn/usn-616-1nvdPatch
- secunia.com/advisories/30627nvdVendor Advisory
- secunia.com/advisories/30628nvdVendor Advisory
- secunia.com/advisories/30629nvdVendor Advisory
- secunia.com/advisories/30630nvdVendor Advisory
- secunia.com/advisories/30637nvdVendor Advisory
- secunia.com/advisories/30659nvdVendor Advisory
- secunia.com/advisories/30664nvdVendor Advisory
- secunia.com/advisories/30666nvdVendor Advisory
- ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diffnvd
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- labs.idefense.com/intelligence/vulnerabilities/display.phpnvd
- lists.apple.com/archives/security-announce/2009/Feb/msg00000.htmlnvd
- lists.freedesktop.org/archives/xorg/2008-June/036026.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.htmlnvd
- rhn.redhat.com/errata/RHSA-2008-0504.htmlnvd
- rhn.redhat.com/errata/RHSA-2008-0512.htmlnvd
- secunia.com/advisories/30671nvd
- secunia.com/advisories/30715nvd
- secunia.com/advisories/30772nvd
- secunia.com/advisories/30809nvd
- secunia.com/advisories/30843nvd
- secunia.com/advisories/31025nvd
- secunia.com/advisories/31109nvd
- secunia.com/advisories/32099nvd
- secunia.com/advisories/32545nvd
- secunia.com/advisories/33937nvd
- security.gentoo.org/glsa/glsa-200806-07.xmlnvd
- securitytracker.com/idnvd
- sunsolve.sun.com/search/document.donvd
- support.apple.com/kb/HT3438nvd
- support.avaya.com/elmodocs2/security/ASA-2008-249.htmnvd
- wiki.rpath.com/wiki/Advisories:rPSA-2008-0201nvd
- www.gentoo.org/security/en/glsa/glsa-200807-07.xmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.redhat.com/support/errata/RHSA-2008-0503.htmlnvd
- www.securityfocus.com/archive/1/493548/100/0/threadednvd
- www.securityfocus.com/archive/1/493550/100/0/threadednvd
- www.vupen.com/english/advisories/2008/1803nvd
- www.vupen.com/english/advisories/2008/1833nvd
- www.vupen.com/english/advisories/2008/1983/referencesnvd
- www.vupen.com/english/advisories/2008/3000nvd
- issues.rpath.com/browse/RPL-2607nvd
- issues.rpath.com/browse/RPL-2619nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109nvd
News mentions
0No linked articles in our index yet.