CVE-2007-1667

XGetPixel() integer overflow

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.

Múltiples desbordamientos de enteros en (1) la función XGetPixel en el archivo ImUtil.c en X.Org libx11 anterior a la versión 1.0.3 y (2) la función XInitImage en el archivo xwd.c para ImageMagick, permiten a los atacantes remotos asistidos por el usuario causar una denegación de servicio (bloqueo) o obtener información confidencial por medio de imágenes elaboradas con valores grandes o negativos que desencadenan un desbordamiento de búfer.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-03-24 CVE Reserved
2007-03-24 CVE Published
2024-08-07 CVE Updated
2024-10-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-189: Numeric Errors

CAPEC

References (56)

URL	Tag	Source
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045	Third Party Advisory
http://issues.foresightlinux.org/browse/FL-223	Broken Link
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html	Mailing List
http://secunia.com/advisories/24739	Broken Link
http://secunia.com/advisories/24741	Broken Link
http://secunia.com/advisories/24745	Broken Link
http://secunia.com/advisories/24756	Broken Link
http://secunia.com/advisories/24758	Broken Link
http://secunia.com/advisories/24765	Broken Link
http://secunia.com/advisories/24771	Broken Link
http://secunia.com/advisories/24791	Broken Link
http://secunia.com/advisories/24953	Broken Link
http://secunia.com/advisories/24975	Broken Link
http://secunia.com/advisories/25004	Broken Link
http://secunia.com/advisories/25072	Broken Link
http://secunia.com/advisories/25112	Broken Link
http://secunia.com/advisories/25131	Broken Link
http://secunia.com/advisories/25305	Broken Link
http://secunia.com/advisories/25992	Broken Link
http://secunia.com/advisories/26177	Broken Link
http://secunia.com/advisories/30161	Broken Link
http://secunia.com/advisories/33937	Broken Link
http://secunia.com/advisories/36260	Third Party Advisory
http://support.apple.com/kb/HT3438	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-176.htm	Third Party Advisory
http://www.securityfocus.com/archive/1/464686/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/464816/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/23300	Third Party Advisory
http://www.securitytracker.com/id?1017864	Third Party Advisory
http://www.vupen.com/english/advisories/2007/1217	Broken Link
http://www.vupen.com/english/advisories/2007/1531	Third Party Advisory
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231684	Issue Tracking
https://issues.rpath.com/browse/RPL-1211	Broken Link
https://issues.rpath.com/browse/RPL-1213	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1693	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9776	Broken Link

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html	2024-06-26
http://rhn.redhat.com/errata/RHSA-2007-0125.html	2024-06-26
http://security.gentoo.org/glsa/glsa-200705-06.xml	2024-06-26
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102888-1	2024-06-26
http://www.debian.org/security/2007/dsa-1294	2024-06-26
http://www.debian.org/security/2009/dsa-1858	2024-06-26
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml	2024-06-26
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079	2024-06-26
http://www.mandriva.com/security/advisories?name=MDKSA-2007:147	2024-06-26
http://www.novell.com/linux/security/advisories/2007_27_x.html	2024-06-26
http://www.novell.com/linux/security/advisories/2007_8_sr.html	2024-06-26
http://www.openbsd.org/errata39.html#021_xorg	2024-06-26
http://www.openbsd.org/errata40.html#011_xorg	2024-06-26
http://www.redhat.com/support/errata/RHSA-2007-0126.html	2024-06-26
http://www.redhat.com/support/errata/RHSA-2007-0157.html	2024-06-26
http://www.ubuntu.com/usn/usn-453-1	2024-06-26
http://www.ubuntu.com/usn/usn-453-2	2024-06-26
http://www.ubuntu.com/usn/usn-481-1	2024-06-26
https://access.redhat.com/security/cve/CVE-2007-1667	2007-04-16
https://bugzilla.redhat.com/show_bug.cgi?id=231684	2007-04-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
X.org Search vendor "X.org"		Libx11 Search vendor "X.org" for product "Libx11"				<= 1.0.2 Search vendor "X.org" for product "Libx11" and version " <= 1.0.2"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.1 Search vendor "Debian" for product "Debian Linux" and version "3.1"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				7.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"		-		Affected