CVE-2007-1667 : Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org li

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.

Published 2007-03-24 21:19:00

Updated 2024-06-26 15:53:19

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Products affected by CVE-2007-1667

Debian » Debian Linux » Version: 4.0
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.1
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
Matching versions
X.org » Libx11
Versions up to, including, (<=) 1.0.2
cpe:2.3:a:x.org:libx11:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 6.06
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 6.10
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 7.04
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-1667

EPSS FAQ

1.14%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 77 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-1667

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2007-1667

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-1667

http://secunia.com/advisories/24745

About Secunia Research | Flexera
Broken Link
http://www.openbsd.org/errata40.html#011_xorg

OpenBSD 4.0 Errata
Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/usn-453-2

USN-453-2: rdesktop regression | Ubuntu security notices | Ubuntu
Third Party Advisory
http://secunia.com/advisories/24771

About Secunia Research | Flexera
Broken Link
http://issues.foresightlinux.org/browse/FL-223

Broken Link

CVEs referencing this url
http://secunia.com/advisories/25131

About Secunia Research | Flexera
Broken Link
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml

Linux Terminal Server Project: Multiple vulnerabilities (GLSA 200805-07) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://issues.rpath.com/browse/RPL-1211

Broken Link
http://secunia.com/advisories/24739

About Secunia Research | Flexera
Broken Link
http://www.ubuntu.com/usn/usn-453-1

USN-453-1: X.org vulnerability | Ubuntu security notices | Ubuntu
Third Party Advisory
http://secunia.com/advisories/24756

About Secunia Research | Flexera
Broken Link
http://www.securityfocus.com/archive/1/464686/100/0/threaded

Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.novell.com/linux/security/advisories/2007_8_sr.html

404 Page Not Found | SUSE
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/25992

About Secunia Research | Flexera
Broken Link
http://www.debian.org/security/2009/dsa-1858

[SECURITY] [DSA 1858-1] New imagemagick packages fix several vulnerabilities
Third Party Advisory

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200705-06.xml

X.Org X11 library: Multiple integer overflows (GLSA 200705-06) — Gentoo security
Broken Link
http://www.novell.com/linux/security/advisories/2007_27_x.html

404 Page Not Found | SUSE
Broken Link

CVEs referencing this url
http://www.vupen.com/english/advisories/2007/1217

Site en construction
Broken Link

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2007-0126.html

Support
Third Party Advisory

CVEs referencing this url
http://www.openbsd.org/errata39.html#021_xorg

OpenBSD 3.9 Errata
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/24741

About Secunia Research | Flexera
Broken Link
http://secunia.com/advisories/36260

About Secunia Research | Flexera
Third Party Advisory

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079

Security | Mandriva
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/25072

About Secunia Research | Flexera
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1693

404 Not Found
Broken Link
http://secunia.com/advisories/25112

About Secunia Research | Flexera
Broken Link
http://secunia.com/advisories/25305

About Secunia Research | Flexera
Broken Link
http://secunia.com/advisories/26177

About Secunia Research | Flexera
Broken Link
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045

#414045 - libX11: Buffer overflow in XGetPixel(). - Debian Bug report logs
Third Party Advisory
http://secunia.com/advisories/24765

About Secunia Research | Flexera
Broken Link
http://www.ubuntu.com/usn/usn-481-1

USN-481-1: ImageMagick vulnerabilities | Ubuntu security notices | Ubuntu
Broken Link

CVEs referencing this url
http://www.vupen.com/english/advisories/2007/1531

Site en construction
Third Party Advisory
http://secunia.com/advisories/24975

About Secunia Research | Flexera
Broken Link
http://secunia.com/advisories/24791

About Secunia Research | Flexera
Broken Link
http://www.securitytracker.com/id?1017864

GoDaddy Domain Name Search
Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/23300

Third Party Advisory;VDB Entry

CVEs referencing this url
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html

[ANNOUNCE] various integer overflow vulnerabilites in xserver, libX11 and libXfont
Mailing List;Third Party Advisory

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102888-1

Broken Link
http://secunia.com/advisories/33937

About Secunia Research | Flexera
Broken Link

CVEs referencing this url
http://secunia.com/advisories/30161

About Secunia Research | Flexera
Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:147

Security | Mandriva
Broken Link

CVEs referencing this url
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231684

231684 – (CVE-2007-1667) CVE-2007-1667 XGetPixel() integer overflow
Issue Tracking;Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0157.html

Support
Third Party Advisory
http://support.apple.com/kb/HT3438

About the security content of Security Update 2009-001 - Apple Support
Third Party Advisory

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://support.avaya.com/elmodocs2/security/ASA-2007-176.htm

ASA-2007-176 (SUN 102888)
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9776

404 Not Found
Broken Link
https://issues.rpath.com/browse/RPL-1213

Broken Link

CVEs referencing this url
http://secunia.com/advisories/24953

About Secunia Research | Flexera
Broken Link
http://www.debian.org/security/2007/dsa-1294

[SECURITY] [DSA 1294-1] New xfree86 packages fix several vulnerabilities
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/25004

About Secunia Research | Flexera
Broken Link
http://rhn.redhat.com/errata/RHSA-2007-0125.html

RHSA-2007:0125 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/archive/1/464816/100/0/threaded

Third Party Advisory;VDB Entry

CVEs referencing this url
http://secunia.com/advisories/24758

About Secunia Research | Flexera
Broken Link

Jump to

Vulnerability Details : CVE-2007-1667

Products affected by CVE-2007-1667

Exploit prediction scoring system (EPSS) score for CVE-2007-1667

CVSS scores for CVE-2007-1667

CWE ids for CVE-2007-1667

References for CVE-2007-1667