SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2007-5503

Date: (C)2007-11-29 (M)2023-12-22

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1019027

http://www.securityfocus.com/archive/1/486405/100/0/threaded

http://www.securityfocus.com/archive/1/495869/100/0/threaded

FEDORA-2007-3818

SSA:2007-337-01

SUSE-SR:2008:003

cario-readpng-bo(38771)

http://bugs.gentoo.org/show_bug.cgi?id=200350

http://bugs.gentoo.org/show_bug.cgi?id=201860

http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360

http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=e49bcde27f88e21d5b8037a0089a226096f6514b

http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff_plain%3Bh=6020f67f1a49cfe3844c4938d4af24c63c8424cc%3Bhp=c79fc9af334fd6f2d1078071d64178125561b187

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0015

http://www.vmware.com/security/advisories/VMSA-2008-0014.html

http://www.vmware.com/support/player2/doc/releasenotes_player2.html

http://www.vmware.com/support/server/doc/releasenotes_server.html

http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

https://bugzilla.redhat.com/show_bug.cgi?id=387431

https://issues.rpath.com/browse/RPL-1966

oval:org.mitre.oval:def:11251

oval:org.secpod.oval:def:301489
oval:org.mitre.oval:def:8136

© SecPod Technologies