Lucene search

K
cveRedhatCVE-2007-1667
HistoryMar 24, 2007 - 9:19 p.m.

CVE-2007-1667

2007-03-2421:19:00
CWE-189
redhat
web.nvd.nist.gov
63
cve-2007-1667
integer overflows
buffer overflow
libx11
imagemagick
nvd
denial of service
remote attack
sensitive information

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.084

Percentile

94.5%

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.

Affected configurations

Nvd
Node
x.orglibx11Range1.0.2
Node
debiandebian_linuxMatch3.1
OR
debiandebian_linuxMatch4.0
Node
canonicalubuntu_linuxMatch6.06
OR
canonicalubuntu_linuxMatch6.10
OR
canonicalubuntu_linuxMatch7.04
VendorProductVersionCPE
x.orglibx11*cpe:2.3:a:x.org:libx11:*:*:*:*:*:*:*:*
debiandebian_linux3.1cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
debiandebian_linux4.0cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
canonicalubuntu_linux6.06cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
canonicalubuntu_linux6.10cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
canonicalubuntu_linux7.04cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*

References

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.084

Percentile

94.5%