what you don't know can hurt you
Showing 1 - 9 of 9 RSS Feed

CVE-2007-1667

Status Candidate

Overview

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.

Related Files

Debian Linux Security Advisory 1903-1
Posted Oct 8, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1903-1 - Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS.

tags | advisory, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2007-1667, CVE-2007-1797, CVE-2007-4985, CVE-2007-4986, CVE-2007-4988, CVE-2008-1096, CVE-2008-3134, CVE-2008-6070, CVE-2008-6071, CVE-2008-6072, CVE-2008-6621, CVE-2009-1882
MD5 | 44250af116afaa8973aff22dd954c77b
Debian Linux Security Advisory 1858-1
Posted Aug 11, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1858-1 - Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS.

tags | advisory, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2007-1667, CVE-2007-1797, CVE-2007-4985, CVE-2007-4986, CVE-2007-4987, CVE-2007-4988, CVE-2008-1096, CVE-2008-1097, CVE-2009-1882
MD5 | a02cba53ec459adb186f48b8d9a29b92
Mandriva Linux Security Advisory 2007.147
Posted Jul 23, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of vulnerabilities were discovered in how ImageMagick handles DCM and XWD image files. If a user were tricked into processing a specially crafted image file with an application that uses ImageMagick, an attacker could cause a heap-based buffer overflow and possibly execute arbitrary code with the user's privileges.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1667, CVE-2007-1797
MD5 | f3216450ce9dcbd1a1a9233c58a6e106
Ubuntu Security Notice 481-1
Posted Jul 11, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 481-1 - Multiple vulnerabilities were found in ImageMagick's handling of DCM and WXD image files. By tricking a user into processing a specially crafted image with an application that uses imagemagick, an attacker could execute arbitrary code with the user's privileges.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-1667, CVE-2007-1797
MD5 | 095128437acef8fc0977a7ab0e8f6c21
Debian Linux Security Advisory 1294-1
Posted May 21, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1294-1 - Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667
MD5 | 86a345b19efcdfe94c93fb537b917b62
Gentoo Linux Security Advisory 200705-6
Posted May 8, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200705-06 - Multiple integer overflows have been reported in the XGetPixel() function of the X.Org X11 library. Versions less than 1.0.3-r2 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-1667
MD5 | 8d93e993f528bbf688b05056720da2b9
Ubuntu Security Notice 453-2
Posted May 3, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 453-2 - USN-453-1 provided an updated libx11 package to fix a security vulnerability. This triggered an error in rdesktop so that it crashed on startup. This update fixes the problem.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2007-1667
MD5 | c65cd90b31c101264b86a08cc036d8f7
Ubuntu Security Notice 453-1
Posted Apr 19, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 453-1 - Multiple integer overflows were found in the XGetPixel function of libx11. If a user were tricked into opening a specially crafted XWD image, remote attackers could execute arbitrary code with user privileges.

tags | advisory, remote, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-1667
MD5 | ea108fb8ea29b9e3a38f9f0a0988dd66
Mandriva Linux Security Advisory 2007.079
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. Multiple integer overflows in the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow.

tags | advisory, remote, denial of service, overflow, arbitrary, local, root, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667
MD5 | c0ef81e3cf770b6f9cac79ac2e3d346d
Page 1 of 1
Back1Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close