what you don't know can hurt you
Showing 1 - 7 of 7 RSS Feed

CVE-2007-5503

Status Candidate

Overview

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.

Related Files

Gentoo Linux Security Advisory 201209-25
Posted Sep 30, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-25 - Multiple vulnerabilities have been found in VMware Player, Server, and Workstation, allowing remote and local attackers to conduct several attacks, including privilege escalation, remote execution of arbitrary code, and a Denial of Service.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2007-5269, CVE-2007-5503, CVE-2007-5671, CVE-2008-0967, CVE-2008-1340, CVE-2008-1361, CVE-2008-1362, CVE-2008-1363, CVE-2008-1364, CVE-2008-1392, CVE-2008-1447, CVE-2008-1806, CVE-2008-1807, CVE-2008-1808, CVE-2008-2098, CVE-2008-2100, CVE-2008-2101, CVE-2008-4915, CVE-2008-4916, CVE-2008-4917, CVE-2009-0040, CVE-2009-0909, CVE-2009-0910, CVE-2009-1244, CVE-2009-2267, CVE-2009-3707, CVE-2009-3732, CVE-2009-3733
MD5 | 51bbb06deb17fab0f37713179ca258d1
VMware Security Advisory 2008-0014
Posted Aug 31, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

tags | advisory, info disclosure
advisories | CVE-2008-2101, CVE-2007-5269, CVE-2008-1447, CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2007-5438, CVE-2008-3696, CVE-2008-3697, CVE-2008-3698, CVE-2008-1806, CVE-2008-1807, CVE-2008-1808, CVE-2007-5503
MD5 | 66543adde34c36baff73bda1674cfb79
Debian Linux Security Advisory 1542-1
Posted Apr 10, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1542-1 - Peter Valchev (Google Security) discovered a series of integer overflow weaknesses in Cairo, a vector graphics rendering library used by many other applications. If an application uses cairo to render a maliciously-crafted PNG image, the vulnerability allows the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-5503
MD5 | 2fe7514d32330d4652a01caf2edba8f8
Mandriva Linux Security Advisory 2008-019
Posted Jan 22, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with the privileges of the user opening the file.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2007-5503
MD5 | db81aa6bb531e1ab168e885f000ec566
Ubuntu Security Notice 550-3
Posted Dec 13, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 550-3 - USN-550-1 fixed vulnerabilities in Cairo. A bug in font glyph rendering was uncovered as a result of the new memory allocation routines. In certain situations, fonts containing characters with no width or height would not render any more. This update fixes the problem. Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-5503
MD5 | 2370d0c51e796c283bd73261ef0bf925
Gentoo Linux Security Advisory 200712-4
Posted Dec 10, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-04 - Multiple integer overflows were reported, one of which Peter Valchev (Google Security) found to be leading to a heap-based buffer overflow in the cairo_image_surface_create_from_png() function that processes PNG images. Versions less than 1.4.12 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-5503
MD5 | c8181a83e53f8c137b7101bdae456400
Ubuntu Security Notice 550-1
Posted Dec 4, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 550-1 - Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-5503
MD5 | 5975ff335956b85fe3c414e8ffa19e1b
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    7 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close