
CVE-2007-1667

Date: (C)2007-03-24   (M)2017-10-12
 
CVSS Score: 9.3
Exploitability Subscore: 8.6
Impact Subscore: 10.0
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) the XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.

Reference:
SECTRACK-1017864
SUNALERT-102888
http://www.securityfocus.com/archive/1/archive/1/464686/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/464816/100/0/threaded
BID-23300
SECUNIA-24739
SECUNIA-24741
SECUNIA-24745
SECUNIA-24756
SECUNIA-24758
SECUNIA-24765
SECUNIA-24771
SECUNIA-24791
SECUNIA-24953
SECUNIA-24975
SECUNIA-25004
SECUNIA-25072
SECUNIA-25112
SECUNIA-25131
SECUNIA-25305
SECUNIA-25992
SECUNIA-26177
SECUNIA-30161
SECUNIA-33937
SECUNIA-36260
ADV-2007-1217
ADV-2007-1531
APPLE-SA-2009-02-12
DSA-1294
DSA-1858
GLSA-200705-06
GLSA-200805-07
MDKSA-2007:079
MDKSA-2007:147
RHSA-2007:0125
RHSA-2007:0126
RHSA-2007:0157
SUSE-SA:2007:027
SUSE-SR:2007:008
USN-453-1
USN-453-2
USN-481-1
http://www.openbsd.org/errata39.html#021_xorg
http://www.openbsd.org/errata40.html#011_xorg
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045
http://issues.foresightlinux.org/browse/FL-223
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2007-176.htm
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231684
https://issues.rpath.com/browse/RPL-1211
https://issues.rpath.com/browse/RPL-1213

CPE    1
cpe:/a:imagemagick:imagemagick
CWE    1
CWE-189
OVAL    4
oval:org.secpod.oval:def:600468
oval:org.mitre.oval:def:7485
oval:org.secpod.oval:def:600301
oval:org.mitre.oval:def:8206
...

© 2013 SecPod Technologies