Lucene search
UbuntuUSN-550-1HistoryDec 03, 2007 - 12:00 a.m.
Cairo vulnerability
2007-12-0300:00:00
ubuntu.com
32
7 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.121 Low
EPSS
Percentile
95.3%
Releases
- Ubuntu 7.10
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06
Packages
- libcairo -
Details
Peter Valchev discovered that Cairo did not correctly decode PNG image data.
By tricking a user or automated system into processing a specially crafted
PNG with Cairo, a remote attacker could execute arbitrary code with user
privileges.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 7.10 | noarch | libcairo2 | < 1.4.10-1ubuntu4.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | libcairo-directfb2 | < 1.4.10-1ubuntu4.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | libcairo-directfb2-dev | < 1.4.10-1ubuntu4.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | libcairo-directfb2-udeb | < 1.4.10-1ubuntu4.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | libcairo2-dev | < 1.4.10-1ubuntu4.1 | UNKNOWN |
| Ubuntu | 7.04 | noarch | libcairo2 | < 1.4.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 7.04 | noarch | libcairo-directfb2 | < 1.4.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 7.04 | noarch | libcairo-directfb2-dev | < 1.4.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 7.04 | noarch | libcairo-directfb2-udeb | < 1.4.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 7.04 | noarch | libcairo2-dev | < 1.4.2-0ubuntu1.1 | UNKNOWN |
References
Related
openvas
openvas
Gentoo Security Advisory GLSA 200712-24 (emul-linux-x86-gtklibs)
2008-09-24 00:00:00
Debian Security Advisory DSA 1542-1 (libcairo)
2008-04-21 00:00:00
Slackware Advisory SSA:2007-337-01 cairo
2012-09-11 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:18:35
debian
debian
[SECURITY] [DSA 1542-1] New libcairo packages fix arbitrary code execution
2008-04-09 17:55:58
nessus
nessus
SuSE 10 Security Update : cairo (ZYPP Patch Number 4961)
2008-02-06 00:00:00
Fedora 7 : cairo-1.4.14-1.fc7 (2007-3818)
2008-01-21 00:00:00
Slackware 11.0 / 12.0 / current : cairo (SSA:2007-337-01)
2007-12-04 00:00:00
osv
osv
libcairo - arbitrary code execution
2008-04-09 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: cairo-1.4.14-1.fc7
2008-01-19 00:00:36
cve
cve
CVE-2007-5503
2007-11-30 01:46:00
redhat
redhat
(RHSA-2007:1078) Important: cairo security update
2007-11-29 00:00:00
oraclelinux
oraclelinux
Important: cairo security update
2007-11-29 00:00:00
gentoo
gentoo
Cairo: User-assisted execution of arbitrary code
2007-12-09 00:00:00
VMware Player, Server, Workstation: Multiple vulnerabilities
2012-09-29 00:00:00
prion
prion
Integer overflow
2007-11-30 01:46:00
ubuntucve
ubuntucve
CVE-2007-5503
2007-11-30 00:00:00
slackware
slackware
[slackware-security] cairo
2007-12-04 05:04:38
securityvulns
securityvulns
7 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.121 Low
EPSS
Percentile
95.3%
Related for USN-550-1