CVE - CVE-2007-1667

CVE-ID
CVE-2007-1667	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2009-02-12 URL:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html BID:23300 URL:http://www.securityfocus.com/bid/23300 BUGTRAQ:20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs URL:http://www.securityfocus.com/archive/1/464686/100/0/threaded BUGTRAQ:20070405 FLEA-2007-0009-1: xorg-x11 freetype URL:http://www.securityfocus.com/archive/1/464816/100/0/threaded CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045 CONFIRM:http://issues.foresightlinux.org/browse/FL-223 CONFIRM:http://support.apple.com/kb/HT3438 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-176.htm CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231684 CONFIRM:https://issues.rpath.com/browse/RPL-1211 CONFIRM:https://issues.rpath.com/browse/RPL-1213 DEBIAN:DSA-1294 URL:http://www.debian.org/security/2007/dsa-1294 DEBIAN:DSA-1858 URL:http://www.debian.org/security/2009/dsa-1858 GENTOO:GLSA-200705-06 URL:http://security.gentoo.org/glsa/glsa-200705-06.xml GENTOO:GLSA-200805-07 URL:http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml MANDRIVA:MDKSA-2007:079 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:079~~ (Obsolete source) MANDRIVA:MDKSA-2007:147 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:147~~ (Obsolete source) MLIST:[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont URL:http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html OPENBSD:[3.9] 021: SECURITY FIX: April 4, 2007 URL:http://www.openbsd.org/errata39.html#021_xorg OPENBSD:[4.0] 011: SECURITY FIX: April 4, 2007 URL:http://www.openbsd.org/errata40.html#011_xorg OVAL:oval:org.mitre.oval:def:1693 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1693 OVAL:oval:org.mitre.oval:def:9776 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9776 REDHAT:RHSA-2007:0125 URL:http://rhn.redhat.com/errata/RHSA-2007-0125.html REDHAT:RHSA-2007:0126 URL:http://www.redhat.com/support/errata/RHSA-2007-0126.html REDHAT:RHSA-2007:0157 URL:http://www.redhat.com/support/errata/RHSA-2007-0157.html SECTRACK:1017864 URL:http://www.securitytracker.com/id?1017864 SECUNIA:24739 URL:http://secunia.com/advisories/24739 SECUNIA:24741 URL:http://secunia.com/advisories/24741 SECUNIA:24745 URL:http://secunia.com/advisories/24745 SECUNIA:24756 URL:http://secunia.com/advisories/24756 SECUNIA:24758 URL:http://secunia.com/advisories/24758 SECUNIA:24765 URL:http://secunia.com/advisories/24765 SECUNIA:24771 URL:http://secunia.com/advisories/24771 SECUNIA:24791 URL:http://secunia.com/advisories/24791 SECUNIA:24953 URL:http://secunia.com/advisories/24953 SECUNIA:24975 URL:http://secunia.com/advisories/24975 SECUNIA:25004 URL:http://secunia.com/advisories/25004 SECUNIA:25072 URL:http://secunia.com/advisories/25072 SECUNIA:25112 URL:http://secunia.com/advisories/25112 SECUNIA:25131 URL:http://secunia.com/advisories/25131 SECUNIA:25305 URL:http://secunia.com/advisories/25305 SECUNIA:25992 URL:http://secunia.com/advisories/25992 SECUNIA:26177 URL:http://secunia.com/advisories/26177 SECUNIA:30161 URL:http://secunia.com/advisories/30161 SECUNIA:33937 URL:http://secunia.com/advisories/33937 SECUNIA:36260 URL:http://secunia.com/advisories/36260 SUNALERT:102888 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102888-1~~ (Obsolete source) SUSE:SUSE-SA:2007:027 URL:http://www.novell.com/linux/security/advisories/2007_27_x.html SUSE:SUSE-SR:2007:008 URL:http://www.novell.com/linux/security/advisories/2007_8_sr.html UBUNTU:USN-453-1 URL:http://www.ubuntu.com/usn/usn-453-1 UBUNTU:USN-453-2 URL:http://www.ubuntu.com/usn/usn-453-2 UBUNTU:USN-481-1 URL:http://www.ubuntu.com/usn/usn-481-1 VUPEN:ADV-2007-1217 URL:~~http://www.vupen.com/english/advisories/2007/1217~~ (Obsolete source) VUPEN:ADV-2007-1531 URL:~~http://www.vupen.com/english/advisories/2007/1531~~ (Obsolete source)
Assigning CNA
Red Hat, Inc.
Date Record Created
20070324	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070324)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)