Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-6427

The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

Security Impact Summary

CVE-2007-6427 is a security vulnerability that . Impacting 11 products from x.org, from canonical, from debian and 8 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Originally identified in 2008, this vulnerability predates many modern security frameworks and practices. The vulnerability landscape of that era was characterized by different threat models and less mature defense mechanisms compared to contemporary standards.

Published

2008-01-18T23:00:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	x.org	x_server	< 1.4.1	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	6.10	Yes
Operating System	canonical	ubuntu_linux	7.04	Yes
Operating System	canonical	ubuntu_linux	7.10	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	debian	debian_linux	4.0	Yes
Operating System	apple	mac_os_x	< 10.4.11	Yes
Operating System	apple	mac_os_x	< 10.5.2	Yes
Operating System	fedoraproject	fedora	7	Yes
Operating System	fedoraproject	fedora	8	Yes
Operating System	opensuse	opensuse	10.2	Yes
Operating System	opensuse	opensuse	10.3	Yes
Operating System	suse	linux	10.1	Yes
Operating System	suse	linux_enterprise_desktop	9	Yes
Operating System	suse	linux_enterprise_desktop	10	Yes
Operating System	suse	linux_enterprise_desktop	10	Yes
Operating System	suse	linux_enterprise_server	8	Yes
Operating System	suse	linux_enterprise_server	9	Yes
Operating System	suse	linux_enterprise_server	10	Yes
Operating System	suse	linux_enterprise_software_development_kit	10	Yes
Operating System	suse	open_enterprise_server	-	Yes

References

http://bugs.gentoo.org/show_bug.cgi?id=204362 Issue Tracking, Patch, Third Party Advisory ([email protected])
http://docs.info.apple.com/article.html?artnum=307562 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 Broken Link ([email protected])
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=643 Broken Link ([email protected])
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html Mailing List ([email protected])
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html Mailing List, Third Party Advisory ([email protected])
http://secunia.com/advisories/28273 Third Party Advisory ([email protected])
http://secunia.com/advisories/28532 Third Party Advisory ([email protected])
http://secunia.com/advisories/28535 Third Party Advisory ([email protected])
http://secunia.com/advisories/28536 Third Party Advisory ([email protected])
http://secunia.com/advisories/28539 Third Party Advisory ([email protected])
http://secunia.com/advisories/28540 Third Party Advisory ([email protected])
http://secunia.com/advisories/28542 Third Party Advisory ([email protected])
http://secunia.com/advisories/28543 Third Party Advisory ([email protected])
http://secunia.com/advisories/28550 Third Party Advisory ([email protected])
http://secunia.com/advisories/28584 Third Party Advisory ([email protected])
http://secunia.com/advisories/28592 Third Party Advisory ([email protected])
http://secunia.com/advisories/28616 Third Party Advisory ([email protected])
http://secunia.com/advisories/28693 Third Party Advisory ([email protected])
http://secunia.com/advisories/28718 Third Party Advisory ([email protected])
http://secunia.com/advisories/28838 Third Party Advisory ([email protected])
http://secunia.com/advisories/28843 Third Party Advisory ([email protected])
http://secunia.com/advisories/28885 Third Party Advisory ([email protected])
http://secunia.com/advisories/28941 Third Party Advisory ([email protected])
http://secunia.com/advisories/29139 Third Party Advisory ([email protected])
http://secunia.com/advisories/29420 Third Party Advisory ([email protected])
http://secunia.com/advisories/29622 Third Party Advisory ([email protected])
http://secunia.com/advisories/29707 Third Party Advisory ([email protected])
http://secunia.com/advisories/30161 Third Party Advisory ([email protected])
http://secunia.com/advisories/32545 Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200801-09.xml Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200804-05.xml Third Party Advisory ([email protected])
http://securitytracker.com/id?1019232 Third Party Advisory, VDB Entry ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1 Broken Link ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1 Broken Link ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2008-039.htm Third Party Advisory ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm Third Party Advisory ([email protected])
http://www.debian.org/security/2008/dsa-1466 Third Party Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:021 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:022 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:023 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:025 Third Party Advisory ([email protected])
http://www.openbsd.org/errata41.html#012_xorg Third Party Advisory ([email protected])
http://www.openbsd.org/errata42.html#006_xorg Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0029.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0030.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0031.html Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/487335/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/27336 Patch, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/27351 Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2008/0179 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/0184 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/0497/references Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/0703 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/0924/references Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/3000 Third Party Advisory ([email protected])
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities Mitigation, Third Party Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/39759 Third Party Advisory, VDB Entry ([email protected])
https://issues.rpath.com/browse/RPL-2010 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10372 Third Party Advisory ([email protected])
https://usn.ubuntu.com/571-1/ Third Party Advisory ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html Third Party Advisory ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html Third Party Advisory ([email protected])
http://bugs.gentoo.org/show_bug.cgi?id=204362 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://docs.info.apple.com/article.html?artnum=307562 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=643 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28273 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28532 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28535 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28536 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28539 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28540 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28542 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28543 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28550 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28584 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28592 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28616 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28693 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28718 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28838 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28843 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28885 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28941 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29139 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29420 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29622 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29707 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30161 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32545 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200801-09.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200804-05.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1019232 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2008-039.htm Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1466 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:021 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:022 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:023 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:025 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openbsd.org/errata41.html#012_xorg Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openbsd.org/errata42.html#006_xorg Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0029.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0030.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0031.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/487335/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/27336 Patch, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/27351 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0179 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0184 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0497/references Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0703 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0924/references Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/3000 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities Mitigation, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39759 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-2010 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10372 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/571-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For x.org's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.