CVE-2007-1667

HIGH

Description

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045

http://issues.foresightlinux.org/browse/FL-223

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html

http://rhn.redhat.com/errata/RHSA-2007-0125.html

http://secunia.com/advisories/24739

http://secunia.com/advisories/24741

http://secunia.com/advisories/24745

http://secunia.com/advisories/24756

http://secunia.com/advisories/24758

http://secunia.com/advisories/24765

http://secunia.com/advisories/24771

http://secunia.com/advisories/24791

http://secunia.com/advisories/24953

http://secunia.com/advisories/24975

http://secunia.com/advisories/25004

http://secunia.com/advisories/25072

http://secunia.com/advisories/25112

http://secunia.com/advisories/25131

http://secunia.com/advisories/25305

http://secunia.com/advisories/25992

http://secunia.com/advisories/26177

http://secunia.com/advisories/30161

http://secunia.com/advisories/33937

http://secunia.com/advisories/36260

http://security.gentoo.org/glsa/glsa-200705-06.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102888-1

http://support.apple.com/kb/HT3438

http://support.avaya.com/elmodocs2/security/ASA-2007-176.htm

http://www.debian.org/security/2007/dsa-1294

http://www.debian.org/security/2009/dsa-1858

http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2007:079

http://www.mandriva.com/security/advisories?name=MDKSA-2007:147

http://www.novell.com/linux/security/advisories/2007_27_x.html

http://www.novell.com/linux/security/advisories/2007_8_sr.html

http://www.openbsd.org/errata39.html#021_xorg

http://www.openbsd.org/errata40.html#011_xorg

http://www.redhat.com/support/errata/RHSA-2007-0126.html

http://www.redhat.com/support/errata/RHSA-2007-0157.html

http://www.securityfocus.com/archive/1/464686/100/0/threaded

http://www.securityfocus.com/archive/1/464816/100/0/threaded

http://www.securityfocus.com/bid/23300

http://www.securitytracker.com/id?1017864

http://www.ubuntu.com/usn/usn-453-1

http://www.ubuntu.com/usn/usn-453-2

http://www.ubuntu.com/usn/usn-481-1

http://www.vupen.com/english/advisories/2007/1217

http://www.vupen.com/english/advisories/2007/1531

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231684

https://issues.rpath.com/browse/RPL-1211

https://issues.rpath.com/browse/RPL-1213

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1693

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9776

Details

Source: MITRE

Published: 2007-03-24

Updated: 2018-10-16

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

cpe:2.3:a:x.org:libx11:*:*:*:*:*:*:*:* versions up to 1.0.2 (inclusive)

Tenable Plugins

View all (43 total)

IDNameProductFamilySeverity
130510Solaris 10 (x86) : 119060-73NessusSolaris Local Security Checks
high
130508Solaris 10 (sparc) : 119059-74NessusSolaris Local Security Checks
high
107806Solaris 10 (x86) : 119060-71NessusSolaris Local Security Checks
high
107805Solaris 10 (x86) : 119060-70NessusSolaris Local Security Checks
high
107804Solaris 10 (x86) : 119060-69NessusSolaris Local Security Checks
high
107803Solaris 10 (x86) : 119060-68NessusSolaris Local Security Checks
high
107802Solaris 10 (x86) : 119060-65NessusSolaris Local Security Checks
high
107801Solaris 10 (x86) : 119060-64NessusSolaris Local Security Checks
high
107304Solaris 10 (sparc) : 119059-72NessusSolaris Local Security Checks
high
107303Solaris 10 (sparc) : 119059-71NessusSolaris Local Security Checks
high
107302Solaris 10 (sparc) : 119059-70NessusSolaris Local Security Checks
high
107301Solaris 10 (sparc) : 119059-69NessusSolaris Local Security Checks
high
107300Solaris 10 (sparc) : 119059-66NessusSolaris Local Security Checks
high
107299Solaris 10 (sparc) : 119059-65NessusSolaris Local Security Checks
high
82537Solaris 10 (x86) : 119060-45NessusSolaris Local Security Checks
high
82536Solaris 10 (sparc) : 119059-46NessusSolaris Local Security Checks
high
67472Oracle Linux 5 : libX11 / xorg-x11-apps (ELSA-2007-0157)NessusOracle Linux Local Security Checks
high
67465Oracle Linux 4 : xorg-x11 (ELSA-2007-0126)NessusOracle Linux Local Security Checks
high
67464Oracle Linux 3 : XFree86 (ELSA-2007-0125)NessusOracle Linux Local Security Checks
high
44768Debian DSA-1903-1 : graphicsmagick - several vulnerabilitiesNessusDebian Local Security Checks
critical
44723Debian DSA-1858-1 : imagemagick - multiple vulnerabilitiesNessusDebian Local Security Checks
high
35684Mac OS X Multiple Vulnerabilities (Security Update 2009-001)NessusMacOS X Local Security Checks
critical
29607SuSE 10 Security Update : Xorg X11 (ZYPP Patch Number 3083)NessusSuSE Local Security Checks
high
29351SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 3131)NessusSuSE Local Security Checks
high
28082Ubuntu 6.06 LTS / 6.10 / 7.04 : imagemagick vulnerabilities (USN-481-1)NessusUbuntu Local Security Checks
high
28050Ubuntu 6.06 LTS / 6.10 : libx11 vulnerability (USN-453-1)NessusUbuntu Local Security Checks
high
28045Ubuntu 5.10 / 6.06 LTS / 6.10 : freetype, libxfont, xorg, xorg-server vulnerabilities (USN-448-1)NessusUbuntu Local Security Checks
high
27496openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-3082)NessusSuSE Local Security Checks
high
27108openSUSE 10 Security Update : ImageMagick (ImageMagick-3130)NessusSuSE Local Security Checks
high
27103openSUSE 10 Security Update : GraphicsMagick (GraphicsMagick-3129)NessusSuSE Local Security Checks
high
25750Mandrake Linux Security Advisory : ImageMagick (MDKSA-2007:147)NessusMandriva Local Security Checks
high
25326RHEL 5 : xorg-x11-apps and libX11 (RHSA-2007:0157)NessusRed Hat Local Security Checks
high
25259Debian DSA-1294-1 : xfree86 - several vulnerabilitiesNessusDebian Local Security Checks
high
25160GLSA-200705-06 : X.Org X11 library: Multiple integer overflowsNessusGentoo Local Security Checks
high
25044CentOS 5 : xorg-x11-apps / libX11 (CESA-2007:0157)NessusCentOS Local Security Checks
high
25006CentOS 4 : xorg (CESA-2007:0126)NessusCentOS Local Security Checks
high
24950RHEL 4 : xorg-x11 (RHSA-2007:0126)NessusRed Hat Local Security Checks
high
24949RHEL 2.1 / 3 : XFree86 (RHSA-2007:0125)NessusRed Hat Local Security Checks
high
24946Mandrake Linux Security Advisory : tightvnc (MDKSA-2007:080-1)NessusMandriva Local Security Checks
high
24945Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2007:079-1)NessusMandriva Local Security Checks
high
24920CentOS 3 : XFree86 (CESA-2007:0125)NessusCentOS Local Security Checks
high
22985Solaris 10 (x86) : 119060-72 (deprecated)NessusSolaris Local Security Checks
high
22952Solaris 10 (sparc) : 119059-73 (deprecated)NessusSolaris Local Security Checks
high