Unrated severityNVD Advisory· Published Jun 16, 2008· Updated Jun 16, 2026
CVE-2008-1377
CVE-2008-1377
Description
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
49- lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.htmlnvdPatch
- rhn.redhat.com/errata/RHSA-2008-0502.htmlnvdPatch
- www.debian.org/security/2008/dsa-1595nvdPatch
- www.ubuntu.com/usn/usn-616-1nvdPatch
- secunia.com/advisories/30627nvdVendor Advisory
- secunia.com/advisories/30628nvdVendor Advisory
- secunia.com/advisories/30629nvdVendor Advisory
- secunia.com/advisories/30630nvdVendor Advisory
- secunia.com/advisories/30637nvdVendor Advisory
- secunia.com/advisories/30659nvdVendor Advisory
- secunia.com/advisories/30664nvdVendor Advisory
- secunia.com/advisories/30666nvdVendor Advisory
- ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diffnvd
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- labs.idefense.com/intelligence/vulnerabilities/display.phpnvd
- lists.apple.com/archives/security-announce/2009/Feb/msg00000.htmlnvd
- lists.freedesktop.org/archives/xorg/2008-June/036026.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.htmlnvd
- rhn.redhat.com/errata/RHSA-2008-0504.htmlnvd
- rhn.redhat.com/errata/RHSA-2008-0512.htmlnvd
- secunia.com/advisories/30671nvd
- secunia.com/advisories/30715nvd
- secunia.com/advisories/30772nvd
- secunia.com/advisories/30809nvd
- secunia.com/advisories/30843nvd
- secunia.com/advisories/31025nvd
- secunia.com/advisories/31109nvd
- secunia.com/advisories/32099nvd
- secunia.com/advisories/32545nvd
- secunia.com/advisories/33937nvd
- security.gentoo.org/glsa/glsa-200806-07.xmlnvd
- securitytracker.com/idnvd
- sunsolve.sun.com/search/document.donvd
- support.apple.com/kb/HT3438nvd
- support.avaya.com/elmodocs2/security/ASA-2008-249.htmnvd
- wiki.rpath.com/wiki/Advisories:rPSA-2008-0201nvd
- www.gentoo.org/security/en/glsa/glsa-200807-07.xmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.redhat.com/support/errata/RHSA-2008-0503.htmlnvd
- www.securityfocus.com/archive/1/493548/100/0/threadednvd
- www.securityfocus.com/archive/1/493550/100/0/threadednvd
- www.vupen.com/english/advisories/2008/1803nvd
- www.vupen.com/english/advisories/2008/1833nvd
- www.vupen.com/english/advisories/2008/1983/referencesnvd
- www.vupen.com/english/advisories/2008/3000nvd
- issues.rpath.com/browse/RPL-2607nvd
- issues.rpath.com/browse/RPL-2619nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109nvd
News mentions
0No linked articles in our index yet.