ID CVE-2007-1667
Summary Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
    cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
  • cpe:2.3:a:x.org:libx11:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:x.org:libx11:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:x.org:libx11:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:x.org:libx11:1.0.2:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 16-10-2018 - 16:40)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2007-09-06T09:13:27.878-04:00
    class vulnerability
    contributors
    name Pai Peng
    organization Opsware, Inc.
    definition_extensions
    • comment Solaris 8 (SPARC) is installed
      oval oval:org.mitre.oval:def:1539
    • comment Solaris 9 (SPARC) is installed
      oval oval:org.mitre.oval:def:1457
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 8 (x86) is installed
      oval oval:org.mitre.oval:def:2059
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
    family unix
    id oval:org.mitre.oval:def:1693
    status accepted
    submitted 2007-07-26T14:51:13.000-04:00
    title Security Vulnerability in libX11 for Solaris
    version 36
  • accepted 2013-04-29T04:22:04.731-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
    family unix
    id oval:org.mitre.oval:def:9776
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
    version 30
redhat via4
advisories
  • bugzilla
    id 235265
    title CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • comment xorg-x11 is earlier than 0:6.8.2-1.EL.13.37.7
            oval oval:com.redhat.rhsa:tst:20070126001
          • comment xorg-x11 is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060451002
        • AND
          • comment xorg-x11-Mesa-libGL is earlier than 0:6.8.2-1.EL.13.37.7
            oval oval:com.redhat.rhsa:tst:20070126003
          • comment xorg-x11-Mesa-libGL is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060451004
        • AND
          • comment xorg-x11-Mesa-libGLU is earlier than 0:6.8.2-1.EL.13.37.7
            oval oval:com.redhat.rhsa:tst:20070126005
          • comment xorg-x11-Mesa-libGLU is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060451006
        • AND
          • comment xorg-x11-Xdmx is earlier than 0:6.8.2-1.EL.13.37.7
            oval oval:com.redhat.rhsa:tst:20070126007
          • comment xorg-x11-Xdmx is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060451008
        • AND
          • comment xorg-x11-Xnest is earlier than 0:6.8.2-1.EL.13.37.7
            oval oval:com.redhat.rhsa:tst:20070126009
          • comment xorg-x11-Xnest is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060451010
        • AND
          • comment xorg-x11-Xvfb is earlier than 0:6.8.2-1.EL.13.37.7
            oval oval:com.redhat.rhsa:tst:20070126011
          • comment xorg-x11-Xvfb is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060451012
        • AND
          • comment xorg-x11-deprecated-libs is earlier than 0:6.8.2-1.EL.13.37.7
            oval oval:com.redhat.rhsa:tst:20070126013
          • comment xorg-x11-deprecated-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060451014
        • AND
          • comment xorg-x11-deprecated-libs-devel is earlier than 0:6.8.2-1.EL.13.37.7
            oval oval:com.redhat.rhsa:tst:20070126015
          • comment xorg-x11-deprecated-libs-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060451016
        • AND
          • comment xorg-x11-devel is earlier than 0:6.8.2-1.EL.13.37.7
            oval oval:com.redhat.rhsa:tst:20070126017
          • comment xorg-x11-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060451018
        • AND
          • comment xorg-x11-doc is earlier than 0:6.8.2-1.EL.13.37.7
            oval oval:com.redhat.rhsa:tst:20070126019
          • comment xorg-x11-doc is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060451020
        • AND
          • comment xorg-x11-font-utils is earlier than 0:6.8.2-1.EL.13.37.7
            oval oval:com.redhat.rhsa:tst:20070126021
          • comment xorg-x11-font-utils is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060451022
        • AND
          • comment xorg-x11-libs is earlier than 0:6.8.2-1.EL.13.37.7
            oval oval:com.redhat.rhsa:tst:20070126023
          • comment xorg-x11-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060451024
        • AND
          • comment xorg-x11-sdk is earlier than 0:6.8.2-1.EL.13.37.7
            oval oval:com.redhat.rhsa:tst:20070126025
          • comment xorg-x11-sdk is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060451026
        • AND
          • comment xorg-x11-tools is earlier than 0:6.8.2-1.EL.13.37.7
            oval oval:com.redhat.rhsa:tst:20070126027
          • comment xorg-x11-tools is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060451028
        • AND
          • comment xorg-x11-twm is earlier than 0:6.8.2-1.EL.13.37.7
            oval oval:com.redhat.rhsa:tst:20070126029
          • comment xorg-x11-twm is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060451030
        • AND
          • comment xorg-x11-xauth is earlier than 0:6.8.2-1.EL.13.37.7
            oval oval:com.redhat.rhsa:tst:20070126031
          • comment xorg-x11-xauth is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060451032
        • AND
          • comment xorg-x11-xdm is earlier than 0:6.8.2-1.EL.13.37.7
            oval oval:com.redhat.rhsa:tst:20070126033
          • comment xorg-x11-xdm is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060451034
        • AND
          • comment xorg-x11-xfs is earlier than 0:6.8.2-1.EL.13.37.7
            oval oval:com.redhat.rhsa:tst:20070126035
          • comment xorg-x11-xfs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060451036
    rhsa
    id RHSA-2007:0126
    released 2007-04-03
    severity Important
    title RHSA-2007:0126: xorg-x11 security update (Important)
  • bugzilla
    id 231684
    title CVE-2007-1667 XGetPixel() integer overflow
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment libX11 is earlier than 0:1.0.3-8.0.1.el5
            oval oval:com.redhat.rhsa:tst:20070157001
          • comment libX11 is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070157002
        • AND
          • comment libX11-devel is earlier than 0:1.0.3-8.0.1.el5
            oval oval:com.redhat.rhsa:tst:20070157003
          • comment libX11-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070157004
        • AND
          • comment xorg-x11-apps is earlier than 0:7.1-4.0.1.el5
            oval oval:com.redhat.rhsa:tst:20070157005
          • comment xorg-x11-apps is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070157006
    rhsa
    id RHSA-2007:0157
    released 2007-04-16
    severity Moderate
    title RHSA-2007:0157: xorg-x11-apps and libX11 security update (Moderate)
  • rhsa
    id RHSA-2007:0125
rpms
  • XFree86-0:4.1.0-82.EL
  • XFree86-0:4.3.0-120.EL
  • XFree86-100dpi-fonts-0:4.1.0-82.EL
  • XFree86-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-75dpi-fonts-0:4.1.0-82.EL
  • XFree86-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.1.0-82.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.1.0-82.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.1.0-82.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.1.0-82.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.1.0-82.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.1.0-82.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-Mesa-libGL-0:4.3.0-120.EL
  • XFree86-Mesa-libGLU-0:4.3.0-120.EL
  • XFree86-Xnest-0:4.1.0-82.EL
  • XFree86-Xnest-0:4.3.0-120.EL
  • XFree86-Xvfb-0:4.1.0-82.EL
  • XFree86-Xvfb-0:4.3.0-120.EL
  • XFree86-base-fonts-0:4.3.0-120.EL
  • XFree86-cyrillic-fonts-0:4.1.0-82.EL
  • XFree86-cyrillic-fonts-0:4.3.0-120.EL
  • XFree86-devel-0:4.1.0-82.EL
  • XFree86-devel-0:4.3.0-120.EL
  • XFree86-doc-0:4.1.0-82.EL
  • XFree86-doc-0:4.3.0-120.EL
  • XFree86-font-utils-0:4.3.0-120.EL
  • XFree86-libs-0:4.1.0-82.EL
  • XFree86-libs-0:4.3.0-120.EL
  • XFree86-libs-data-0:4.3.0-120.EL
  • XFree86-sdk-0:4.3.0-120.EL
  • XFree86-syriac-fonts-0:4.3.0-120.EL
  • XFree86-tools-0:4.1.0-82.EL
  • XFree86-tools-0:4.3.0-120.EL
  • XFree86-truetype-fonts-0:4.3.0-120.EL
  • XFree86-twm-0:4.1.0-82.EL
  • XFree86-twm-0:4.3.0-120.EL
  • XFree86-xauth-0:4.3.0-120.EL
  • XFree86-xdm-0:4.1.0-82.EL
  • XFree86-xdm-0:4.3.0-120.EL
  • XFree86-xf86cfg-0:4.1.0-82.EL
  • XFree86-xfs-0:4.1.0-82.EL
  • XFree86-xfs-0:4.3.0-120.EL
  • xorg-x11-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Mesa-libGL-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Xdmx-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Xnest-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Xvfb-0:6.8.2-1.EL.13.37.7
  • xorg-x11-deprecated-libs-0:6.8.2-1.EL.13.37.7
  • xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.13.37.7
  • xorg-x11-devel-0:6.8.2-1.EL.13.37.7
  • xorg-x11-doc-0:6.8.2-1.EL.13.37.7
  • xorg-x11-font-utils-0:6.8.2-1.EL.13.37.7
  • xorg-x11-libs-0:6.8.2-1.EL.13.37.7
  • xorg-x11-sdk-0:6.8.2-1.EL.13.37.7
  • xorg-x11-tools-0:6.8.2-1.EL.13.37.7
  • xorg-x11-twm-0:6.8.2-1.EL.13.37.7
  • xorg-x11-xauth-0:6.8.2-1.EL.13.37.7
  • xorg-x11-xdm-0:6.8.2-1.EL.13.37.7
  • xorg-x11-xfs-0:6.8.2-1.EL.13.37.7
  • libX11-0:1.0.3-8.0.1.el5
  • libX11-debuginfo-0:1.0.3-8.0.1.el5
  • libX11-devel-0:1.0.3-8.0.1.el5
  • xorg-x11-apps-0:7.1-4.0.1.el5
  • xorg-x11-apps-debuginfo-0:7.1-4.0.1.el5
refmap via4
apple APPLE-SA-2009-02-12
bid 23300
bugtraq
  • 20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
  • 20070405 FLEA-2007-0009-1: xorg-x11 freetype
confirm
debian
  • DSA-1294
  • DSA-1858
gentoo
  • GLSA-200705-06
  • GLSA-200805-07
mandriva
  • MDKSA-2007:079
  • MDKSA-2007:147
mlist [xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont
openbsd
  • [3.9] 021: SECURITY FIX: April 4, 2007
  • [4.0] 011: SECURITY FIX: April 4, 2007
sectrack 1017864
secunia
  • 24739
  • 24741
  • 24745
  • 24756
  • 24758
  • 24765
  • 24771
  • 24791
  • 24953
  • 24975
  • 25004
  • 25072
  • 25112
  • 25131
  • 25305
  • 25992
  • 26177
  • 30161
  • 33937
  • 36260
sunalert 102888
suse
  • SUSE-SA:2007:027
  • SUSE-SR:2007:008
ubuntu
  • USN-453-1
  • USN-453-2
  • USN-481-1
vupen
  • ADV-2007-1217
  • ADV-2007-1531
Last major update 16-10-2018 - 16:40
Published 24-03-2007 - 21:19
Last modified 16-10-2018 - 16:40
Back to Top