ID CVE-2007-1667
Summary Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
References
Vulnerable Configurations
  • ImageMagick
    cpe:2.3:a:imagemagick:imagemagick
  • cpe:2.3:a:x.org:libx11:1.0.2
    cpe:2.3:a:x.org:libx11:1.0.2
CVSS
Base: 9.3 (as of 26-03-2007 - 21:13)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200705-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-200705-06 (X.Org X11 library: Multiple integer overflows) Multiple integer overflows have been reported in the XGetPixel() function of the X.Org X11 library. Impact : By enticing a user to open a specially crafted image, an attacker could cause a Denial of Service or an integer overflow, potentially resulting in the execution of arbitrary code with root privileges. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-08-10
    plugin id 25160
    published 2007-05-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25160
    title GLSA-200705-06 : X.Org X11 library: Multiple integer overflows
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0125.NASL
    description From Red Hat Security Advisory 2007:0125 : Updated XFree86 packages that fix a number of security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the XFree86 XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 67464
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67464
    title Oracle Linux 3 : XFree86 (ELSA-2007-0125)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0125.NASL
    description Updated XFree86 packages that fix a number of security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the XFree86 XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 24920
    published 2007-04-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24920
    title CentOS 3 : XFree86 (CESA-2007:0125)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0157.NASL
    description Updated xorg-x11-apps and libX11 packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An integer overflow flaw was found in the X.org XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of the X.org X11 server should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
    last seen 2019-01-16
    modified 2018-11-16
    plugin id 25326
    published 2007-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25326
    title RHEL 5 : xorg-x11-apps and libX11 (RHSA-2007:0157)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2009-001.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS Tools - fetchmail - Folder Manager - FSEvents - Network Time - perl - Printing - python - Remote Apple Events - Safari RSS - servermgrd - SMB - SquirrelMail - X11 - XTerm
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 35684
    published 2009-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35684
    title Mac OS X Multiple Vulnerabilities (Security Update 2009-001)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-453-1.NASL
    description Multiple integer overflows were found in the XGetPixel function of libx11. If a user were tricked into opening a specially crafted XWD image, remote attackers could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 28050
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28050
    title Ubuntu 6.06 LTS / 6.10 : libx11 vulnerability (USN-453-1)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119060.NASL
    description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Jun/15/17 This plugin has been deprecated and either replaced with individual 119060 patch-revision plugins, or deemed non-security related.
    last seen 2019-01-16
    modified 2018-07-30
    plugin id 22985
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22985
    title Solaris 10 (x86) : 119060-72 (deprecated)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_IMAGEMAGICK-3130.NASL
    description This update of ImageMagick fixes three integer overflow in DCM and XWD code. These bugs can be exploited remotely via other application. (CVE-2007-1667,CVE-2007-1797)
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 27108
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27108
    title openSUSE 10 Security Update : ImageMagick (ImageMagick-3130)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1858.NASL
    description Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch). - CVE-2007-1797 Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch). - CVE-2007-4985 A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch). - CVE-2007-4986 Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch). - CVE-2007-4987 Off-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address. It affects only the oldstable distribution (etch). - CVE-2007-4988 A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch). - CVE-2008-1096 The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only to oldstable (etch). - CVE-2008-1097 Heap-based buffer overflow in the PCX coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. It affects only to oldstable (etch). - CVE-2009-1882 Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 44723
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44723
    title Debian DSA-1858-1 : imagemagick - multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_IMAGEMAGICK-3131.NASL
    description This update of ImageMagick fixes three integer overflow in DCM and XWD code. These bugs can be exploited remotely via other application. (CVE-2007-1667 / CVE-2007-1797)
    last seen 2019-01-16
    modified 2012-05-17
    plugin id 29351
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29351
    title SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 3131)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0125.NASL
    description Updated XFree86 packages that fix a number of security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the XFree86 XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.
    last seen 2019-01-16
    modified 2018-11-16
    plugin id 24949
    published 2007-04-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24949
    title RHEL 2.1 / 3 : XFree86 (RHSA-2007:0125)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119059_46.NASL
    description X11 6.6.2: Xsun patch. This patch addresses IAVT 2009-T-0001.
    last seen 2018-09-01
    modified 2018-07-30
    plugin id 82536
    published 2015-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82536
    title Solaris 10 (sparc) : 119059-46
  • NASL family SuSE Local Security Checks
    NASL id SUSE_XORG-X11-SERVER-3082.NASL
    description Integer overflows in the XC-MISC extension of the X-server could potentially be exploited to execute code with root privileges (CVE-2007-1003). Integer overflows in libX11 could cause crashes (CVE-2007-1667). Integer overflows in the font handling of the X-server could potentially be exploited to execute code with root privileges (CVE-2007-1352, CVE-2007-1351).
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 27496
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27496
    title openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-3082)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0126.NASL
    description Updated X.org packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported an integer overflow flaw in the X.org XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the X.org XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 25006
    published 2007-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25006
    title CentOS 4 : xorg (CESA-2007:0126)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-079.NASL
    description Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow. (CVE-2007-1667) Updated packages are patched to address these issues. Update : Packages for Mandriva Linux 2007.1 are now available.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 24945
    published 2007-04-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24945
    title Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2007:079-1)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119059.NASL
    description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Jun/15/17 This plugin has been deprecated and either replaced with individual 119059 patch-revision plugins, or deemed non-security related.
    last seen 2019-01-16
    modified 2018-07-30
    plugin id 22952
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22952
    title Solaris 10 (sparc) : 119059-73 (deprecated)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-481-1.NASL
    description Multiple vulnerabilities were found in ImageMagick's handling of DCM and WXD image files. By tricking a user into processing a specially crafted image with an application that uses imagemagick, an attacker could execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 28082
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28082
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : imagemagick vulnerabilities (USN-481-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0126.NASL
    description From Red Hat Security Advisory 2007:0126 : Updated X.org packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported an integer overflow flaw in the X.org XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the X.org XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 67465
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67465
    title Oracle Linux 4 : xorg-x11 (ELSA-2007-0126)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1294.NASL
    description Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1003 Sean Larsson discovered an integer overflow in the XC-MISC extension, which might lead to denial of service or local privilege escalation. - CVE-2007-1351 Greg MacManus discovered an integer overflow in the font handling, which might lead to denial of service or local privilege escalation. - CVE-2007-1352 Greg MacManus discovered an integer overflow in the font handling, which might lead to denial of service or local privilege escalation. - CVE-2007-1667 Sami Leides discovered an integer overflow in the libx11 library which might lead to the execution of arbitrary code. This update introduces tighter sanity checking of input passed to XCreateImage(). To cope with this an updated rdesktop package is delivered along with this security update. Another application reported to break is the proprietary Opera browser, which isn't part of Debian. The vendor has released updated packages, though.
    last seen 2019-01-16
    modified 2018-08-09
    plugin id 25259
    published 2007-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25259
    title Debian DSA-1294-1 : xfree86 - several vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-147.NASL
    description A number of vulnerabilities were discovered in how ImageMagick handles DCM and XWD image files. If a user were tricked into processing a specially crafted image file with an application that uses ImageMagick, an attacker could cause a heap-based buffer overflow and possibly execute arbitrary code with the user's privileges. The updated packages have been patched to prevent these issues.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 25750
    published 2007-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25750
    title Mandrake Linux Security Advisory : ImageMagick (MDKSA-2007:147)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_XORG-X11-SERVER-3083.NASL
    description Integer overflows in the XC-MISC extension of the X-server could potentially be exploited to execute code with root privileges. (CVE-2007-1003) Integer overflows in libx11 could cause crashes. (CVE-2007-1667) Integer overflows in the font handling of the X-server could potentially be exploited to execute code with root privileges. (CVE-2007-1352 / CVE-2007-1351)
    last seen 2019-01-16
    modified 2012-05-17
    plugin id 29607
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29607
    title SuSE 10 Security Update : Xorg X11 (ZYPP Patch Number 3083)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0126.NASL
    description Updated X.org packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported an integer overflow flaw in the X.org XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the X.org XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.
    last seen 2019-01-16
    modified 2018-11-16
    plugin id 24950
    published 2007-04-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24950
    title RHEL 4 : xorg-x11 (RHSA-2007:0126)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0157.NASL
    description From Red Hat Security Advisory 2007:0157 : Updated xorg-x11-apps and libX11 packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An integer overflow flaw was found in the X.org XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of the X.org X11 server should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 67472
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67472
    title Oracle Linux 5 : libX11 / xorg-x11-apps (ELSA-2007-0157)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-080.NASL
    description Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) TightVNC uses some of the same code base as Xorg, and has the same vulnerable code. Updated packages are patched to address these issues. Update : Packages for Mandriva Linux 2007.1 are now available.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 24946
    published 2007-04-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24946
    title Mandrake Linux Security Advisory : tightvnc (MDKSA-2007:080-1)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119060_45.NASL
    description X11 6.6.2_x86: Xsun patch. This patch addresses IAVT 2009-T-0001.
    last seen 2018-09-02
    modified 2018-07-30
    plugin id 82537
    published 2015-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82537
    title Solaris 10 (x86) : 119060-45
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1903.NASL
    description Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd.c for GraphicsMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch). - CVE-2007-1797 Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch). - CVE-2007-4985 A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch). - CVE-2007-4986 Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch). - CVE-2007-4988 A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch). - CVE-2008-1096 The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only oldstable (etch). - CVE-2008-3134 Multiple vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via vectors in the AVI, AVS, DCM, EPT, FITS, MTV, PALM, RLA, and TGA decoder readers; and the GetImageCharacteristics function in magick/image.c, as reachable from a crafted PNG, JPEG, BMP, or TIFF file. - CVE-2008-6070 Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image. - CVE-2008-6071 Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. - CVE-2008-6072 Multiple vulnerabilities in GraphicsMagick allow remote attackers to cause a denial of service (crash) via vectors in XCF and CINEON images. - CVE-2008-6621 Vulnerability in GraphicsMagick allows remote attackers to cause a denial of service (crash) via vectors in DPX images. - CVE-2009-1882 Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 44768
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44768
    title Debian DSA-1903-1 : graphicsmagick - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GRAPHICSMAGICK-3129.NASL
    description This update of GraphicsMagick fixes three integer overflow in DCM and XWD code. These bugs can be exploited remotely via other application. (CVE-2007-1667,CVE-2007-1797)
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 27103
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27103
    title openSUSE 10 Security Update : GraphicsMagick (GraphicsMagick-3129)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0157.NASL
    description Updated xorg-x11-apps and libX11 packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An integer overflow flaw was found in the X.org XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of the X.org X11 server should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 25044
    published 2007-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25044
    title CentOS 5 : xorg-x11-apps / libX11 (CESA-2007:0157)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-448-1.NASL
    description Sean Larsson of iDefense Labs discovered that the MISC-XC extension of Xorg did not correctly verify the size of allocated memory. An authenticated user could send a specially crafted X11 request and execute arbitrary code with root privileges. (CVE-2007-1003) Greg MacManus of iDefense Labs discovered that the BDF font handling code in Xorg and FreeType did not correctly verify the size of allocated memory. If a user were tricked into using a specially crafted font, a remote attacker could execute arbitrary code with root privileges. (CVE-2007-1351, CVE-2007-1352). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 28045
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28045
    title Ubuntu 5.10 / 6.06 LTS / 6.10 : freetype, libxfont, xorg, xorg-server vulnerabilities (USN-448-1)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119059-69.NASL
    description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Nov/15/14
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107301
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107301
    title Solaris 10 (sparc) : 119059-69
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119059-72.NASL
    description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Mar/09/17
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 107304
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107304
    title Solaris 10 (sparc) : 119059-72
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119059-70.NASL
    description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Jul/13/15
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107302
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107302
    title Solaris 10 (sparc) : 119059-70
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119060-64.NASL
    description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Sep/12/13
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107801
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107801
    title Solaris 10 (x86) : 119060-64
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119059-71.NASL
    description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Nov/12/15
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107303
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107303
    title Solaris 10 (sparc) : 119059-71
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119059-66.NASL
    description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Mar/15/14
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107300
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107300
    title Solaris 10 (sparc) : 119059-66
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119059-65.NASL
    description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Sep/12/13
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107299
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107299
    title Solaris 10 (sparc) : 119059-65
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119060-65.NASL
    description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Mar/15/14
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107802
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107802
    title Solaris 10 (x86) : 119060-65
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119060-69.NASL
    description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Jul/13/15
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107804
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107804
    title Solaris 10 (x86) : 119060-69
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119060-71.NASL
    description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Mar/09/17
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 107806
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107806
    title Solaris 10 (x86) : 119060-71
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119060-70.NASL
    description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Nov/12/15
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107805
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107805
    title Solaris 10 (x86) : 119060-70
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119060-68.NASL
    description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Nov/15/14
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107803
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107803
    title Solaris 10 (x86) : 119060-68
oval via4
  • accepted 2007-09-06T09:13:27.878-04:00
    class vulnerability
    contributors
    name Pai Peng
    organization Opsware, Inc.
    definition_extensions
    • comment Solaris 8 (SPARC) is installed
      oval oval:org.mitre.oval:def:1539
    • comment Solaris 9 (SPARC) is installed
      oval oval:org.mitre.oval:def:1457
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 8 (x86) is installed
      oval oval:org.mitre.oval:def:2059
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
    family unix
    id oval:org.mitre.oval:def:1693
    status accepted
    submitted 2007-07-26T14:51:13.000-04:00
    title Security Vulnerability in libX11 for Solaris
    version 32
  • accepted 2013-04-29T04:22:04.731-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
    family unix
    id oval:org.mitre.oval:def:9776
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
    version 24
redhat via4
advisories
  • bugzilla
    id 234055
    title CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)
    oval
    AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • OR
      • AND
        • comment XFree86 is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125002
        • comment XFree86 is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002003
      • AND
        • comment XFree86-100dpi-fonts is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125038
        • comment XFree86-100dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002017
      • AND
        • comment XFree86-75dpi-fonts is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125030
        • comment XFree86-75dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002033
      • AND
        • comment XFree86-ISO8859-14-100dpi-fonts is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125012
        • comment XFree86-ISO8859-14-100dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002007
      • AND
        • comment XFree86-ISO8859-14-75dpi-fonts is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125004
        • comment XFree86-ISO8859-14-75dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002009
      • AND
        • comment XFree86-ISO8859-15-100dpi-fonts is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125010
        • comment XFree86-ISO8859-15-100dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002049
      • AND
        • comment XFree86-ISO8859-15-75dpi-fonts is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125050
        • comment XFree86-ISO8859-15-75dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002043
      • AND
        • comment XFree86-ISO8859-2-100dpi-fonts is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125020
        • comment XFree86-ISO8859-2-100dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002039
      • AND
        • comment XFree86-ISO8859-2-75dpi-fonts is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125024
        • comment XFree86-ISO8859-2-75dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002005
      • AND
        • comment XFree86-ISO8859-9-100dpi-fonts is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125018
        • comment XFree86-ISO8859-9-100dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002055
      • AND
        • comment XFree86-ISO8859-9-75dpi-fonts is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125058
        • comment XFree86-ISO8859-9-75dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002037
      • AND
        • comment XFree86-Mesa-libGL is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125044
        • comment XFree86-Mesa-libGL is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002011
      • AND
        • comment XFree86-Mesa-libGLU is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125036
        • comment XFree86-Mesa-libGLU is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002027
      • AND
        • comment XFree86-Xnest is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125048
        • comment XFree86-Xnest is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002035
      • AND
        • comment XFree86-Xvfb is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125026
        • comment XFree86-Xvfb is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002053
      • AND
        • comment XFree86-base-fonts is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125034
        • comment XFree86-base-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002029
      • AND
        • comment XFree86-cyrillic-fonts is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125040
        • comment XFree86-cyrillic-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002019
      • AND
        • comment XFree86-devel is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125054
        • comment XFree86-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002031
      • AND
        • comment XFree86-doc is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125022
        • comment XFree86-doc is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002015
      • AND
        • comment XFree86-font-utils is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125028
        • comment XFree86-font-utils is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002021
      • AND
        • comment XFree86-libs is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125060
        • comment XFree86-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002057
      • AND
        • comment XFree86-libs-data is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125006
        • comment XFree86-libs-data is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002059
      • AND
        • comment XFree86-sdk is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125008
        • comment XFree86-sdk is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002013
      • AND
        • comment XFree86-syriac-fonts is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125046
        • comment XFree86-syriac-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002061
      • AND
        • comment XFree86-tools is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125056
        • comment XFree86-tools is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002025
      • AND
        • comment XFree86-truetype-fonts is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125042
        • comment XFree86-truetype-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002041
      • AND
        • comment XFree86-twm is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125014
        • comment XFree86-twm is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002051
      • AND
        • comment XFree86-xauth is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125052
        • comment XFree86-xauth is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002047
      • AND
        • comment XFree86-xdm is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125032
        • comment XFree86-xdm is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002045
      • AND
        • comment XFree86-xfs is earlier than 0:4.3.0-120.EL
          oval oval:com.redhat.rhsa:tst:20070125016
        • comment XFree86-xfs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002023
    rhsa
    id RHSA-2007:0125
    released 2007-04-03
    severity Important
    title RHSA-2007:0125: XFree86 security update (Important)
  • bugzilla
    id 234056
    title CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment xorg-x11 is earlier than 0:6.8.2-1.EL.13.37.7
          oval oval:com.redhat.rhsa:tst:20070126002
        • comment xorg-x11 is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003003
      • AND
        • comment xorg-x11-Mesa-libGL is earlier than 0:6.8.2-1.EL.13.37.7
          oval oval:com.redhat.rhsa:tst:20070126010
        • comment xorg-x11-Mesa-libGL is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003021
      • AND
        • comment xorg-x11-Mesa-libGLU is earlier than 0:6.8.2-1.EL.13.37.7
          oval oval:com.redhat.rhsa:tst:20070126004
        • comment xorg-x11-Mesa-libGLU is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003019
      • AND
        • comment xorg-x11-Xdmx is earlier than 0:6.8.2-1.EL.13.37.7
          oval oval:com.redhat.rhsa:tst:20070126020
        • comment xorg-x11-Xdmx is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003013
      • AND
        • comment xorg-x11-Xnest is earlier than 0:6.8.2-1.EL.13.37.7
          oval oval:com.redhat.rhsa:tst:20070126018
        • comment xorg-x11-Xnest is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003037
      • AND
        • comment xorg-x11-Xvfb is earlier than 0:6.8.2-1.EL.13.37.7
          oval oval:com.redhat.rhsa:tst:20070126022
        • comment xorg-x11-Xvfb is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003033
      • AND
        • comment xorg-x11-deprecated-libs is earlier than 0:6.8.2-1.EL.13.37.7
          oval oval:com.redhat.rhsa:tst:20070126030
        • comment xorg-x11-deprecated-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003029
      • AND
        • comment xorg-x11-deprecated-libs-devel is earlier than 0:6.8.2-1.EL.13.37.7
          oval oval:com.redhat.rhsa:tst:20070126036
        • comment xorg-x11-deprecated-libs-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003027
      • AND
        • comment xorg-x11-devel is earlier than 0:6.8.2-1.EL.13.37.7
          oval oval:com.redhat.rhsa:tst:20070126006
        • comment xorg-x11-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003011
      • AND
        • comment xorg-x11-doc is earlier than 0:6.8.2-1.EL.13.37.7
          oval oval:com.redhat.rhsa:tst:20070126008
        • comment xorg-x11-doc is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003015
      • AND
        • comment xorg-x11-font-utils is earlier than 0:6.8.2-1.EL.13.37.7
          oval oval:com.redhat.rhsa:tst:20070126012
        • comment xorg-x11-font-utils is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003025
      • AND
        • comment xorg-x11-libs is earlier than 0:6.8.2-1.EL.13.37.7
          oval oval:com.redhat.rhsa:tst:20070126034
        • comment xorg-x11-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003009
      • AND
        • comment xorg-x11-sdk is earlier than 0:6.8.2-1.EL.13.37.7
          oval oval:com.redhat.rhsa:tst:20070126028
        • comment xorg-x11-sdk is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003007
      • AND
        • comment xorg-x11-tools is earlier than 0:6.8.2-1.EL.13.37.7
          oval oval:com.redhat.rhsa:tst:20070126014
        • comment xorg-x11-tools is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003031
      • AND
        • comment xorg-x11-twm is earlier than 0:6.8.2-1.EL.13.37.7
          oval oval:com.redhat.rhsa:tst:20070126026
        • comment xorg-x11-twm is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003035
      • AND
        • comment xorg-x11-xauth is earlier than 0:6.8.2-1.EL.13.37.7
          oval oval:com.redhat.rhsa:tst:20070126032
        • comment xorg-x11-xauth is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003017
      • AND
        • comment xorg-x11-xdm is earlier than 0:6.8.2-1.EL.13.37.7
          oval oval:com.redhat.rhsa:tst:20070126016
        • comment xorg-x11-xdm is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003023
      • AND
        • comment xorg-x11-xfs is earlier than 0:6.8.2-1.EL.13.37.7
          oval oval:com.redhat.rhsa:tst:20070126024
        • comment xorg-x11-xfs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003005
    rhsa
    id RHSA-2007:0126
    released 2007-04-03
    severity Important
    title RHSA-2007:0126: xorg-x11 security update (Important)
  • bugzilla
    id 231694
    title CVE-2007-1667 XGetPixel() integer overflow
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment libX11 is earlier than 0:1.0.3-8.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070157002
        • comment libX11 is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070157003
      • AND
        • comment libX11-devel is earlier than 0:1.0.3-8.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070157004
        • comment libX11-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070157005
      • AND
        • comment xorg-x11-apps is earlier than 0:7.1-4.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070157006
        • comment xorg-x11-apps is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070157007
    rhsa
    id RHSA-2007:0157
    released 2007-04-16
    severity Moderate
    title RHSA-2007:0157: xorg-x11-apps and libX11 security update (Moderate)
rpms
  • XFree86-0:4.3.0-120.EL
  • XFree86-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-Mesa-libGL-0:4.3.0-120.EL
  • XFree86-Mesa-libGLU-0:4.3.0-120.EL
  • XFree86-Xnest-0:4.3.0-120.EL
  • XFree86-Xvfb-0:4.3.0-120.EL
  • XFree86-base-fonts-0:4.3.0-120.EL
  • XFree86-cyrillic-fonts-0:4.3.0-120.EL
  • XFree86-devel-0:4.3.0-120.EL
  • XFree86-doc-0:4.3.0-120.EL
  • XFree86-font-utils-0:4.3.0-120.EL
  • XFree86-libs-0:4.3.0-120.EL
  • XFree86-libs-data-0:4.3.0-120.EL
  • XFree86-sdk-0:4.3.0-120.EL
  • XFree86-syriac-fonts-0:4.3.0-120.EL
  • XFree86-tools-0:4.3.0-120.EL
  • XFree86-truetype-fonts-0:4.3.0-120.EL
  • XFree86-twm-0:4.3.0-120.EL
  • XFree86-xauth-0:4.3.0-120.EL
  • XFree86-xdm-0:4.3.0-120.EL
  • XFree86-xfs-0:4.3.0-120.EL
  • xorg-x11-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Mesa-libGL-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Xdmx-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Xnest-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Xvfb-0:6.8.2-1.EL.13.37.7
  • xorg-x11-deprecated-libs-0:6.8.2-1.EL.13.37.7
  • xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.13.37.7
  • xorg-x11-devel-0:6.8.2-1.EL.13.37.7
  • xorg-x11-doc-0:6.8.2-1.EL.13.37.7
  • xorg-x11-font-utils-0:6.8.2-1.EL.13.37.7
  • xorg-x11-libs-0:6.8.2-1.EL.13.37.7
  • xorg-x11-sdk-0:6.8.2-1.EL.13.37.7
  • xorg-x11-tools-0:6.8.2-1.EL.13.37.7
  • xorg-x11-twm-0:6.8.2-1.EL.13.37.7
  • xorg-x11-xauth-0:6.8.2-1.EL.13.37.7
  • xorg-x11-xdm-0:6.8.2-1.EL.13.37.7
  • xorg-x11-xfs-0:6.8.2-1.EL.13.37.7
  • libX11-0:1.0.3-8.0.1.el5
  • libX11-devel-0:1.0.3-8.0.1.el5
  • xorg-x11-apps-0:7.1-4.0.1.el5
refmap via4
apple APPLE-SA-2009-02-12
bid 23300
bugtraq
  • 20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
  • 20070405 FLEA-2007-0009-1: xorg-x11 freetype
confirm
debian
  • DSA-1294
  • DSA-1858
gentoo
  • GLSA-200705-06
  • GLSA-200805-07
mandriva
  • MDKSA-2007:079
  • MDKSA-2007:147
mlist [xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont
openbsd
  • [3.9] 021: SECURITY FIX: April 4, 2007
  • [4.0] 011: SECURITY FIX: April 4, 2007
sectrack 1017864
secunia
  • 24739
  • 24741
  • 24745
  • 24756
  • 24758
  • 24765
  • 24771
  • 24791
  • 24953
  • 24975
  • 25004
  • 25072
  • 25112
  • 25131
  • 25305
  • 25992
  • 26177
  • 30161
  • 33937
  • 36260
sunalert 102888
suse
  • SUSE-SA:2007:027
  • SUSE-SR:2007:008
ubuntu
  • USN-453-1
  • USN-453-2
  • USN-481-1
vupen
  • ADV-2007-1217
  • ADV-2007-1531
Last major update 09-09-2011 - 00:00
Published 24-03-2007 - 17:19
Last modified 16-10-2018 - 12:40
Back to Top