ID | CVE-2007-5503 |
Summary | Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 6.8 (as of 13-02-2023 - 02:18) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-189 |
CAPEC |
|
Access
Vector | Complexity | Authentication |
NETWORK | MEDIUM | NONE |
|
Impact
Confidentiality | Integrity | Availability |
PARTIAL | PARTIAL | PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
oval
via4
|
accepted | 2013-04-29T04:12:40.867-04:00 | class | vulnerability | contributors | name | Aharon Chernin | organization | SCAP.com, LLC |
name | Dragos Prisaca | organization | G2, Inc. |
| definition_extensions | comment | The operating system installed on the system is Red Hat Enterprise Linux 5 | oval | oval:org.mitre.oval:def:11414 |
comment | The operating system installed on the system is CentOS Linux 5.x | oval | oval:org.mitre.oval:def:15802 |
comment | Oracle Linux 5.x | oval | oval:org.mitre.oval:def:15459 |
| description | Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function. | family | unix | id | oval:org.mitre.oval:def:11251 | status | accepted | submitted | 2010-07-09T03:56:16-04:00 | title | Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function. | version | 19 |
|
redhat
via4
|
advisories | bugzilla | id | 387431 | title | CVE-2007-5503 cairo integer overflow |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 5 is installed | oval | oval:com.redhat.rhba:tst:20070331005 |
OR | AND | comment | cairo is earlier than 0:1.2.4-3.el5_1 | oval | oval:com.redhat.rhsa:tst:20071078001 |
comment | cairo is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhsa:tst:20071078002 |
|
AND | comment | cairo-devel is earlier than 0:1.2.4-3.el5_1 | oval | oval:com.redhat.rhsa:tst:20071078003 |
comment | cairo-devel is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhsa:tst:20071078004 |
| rhsa | id | RHSA-2007:1078 | released | 2007-11-29 | severity | Important | title | RHSA-2007:1078: cairo security update (Important) |
|
| rpms | - cairo-0:1.2.4-3.el5_1
- cairo-debuginfo-0:1.2.4-3.el5_1
- cairo-devel-0:1.2.4-3.el5_1
|
|
refmap
via4
|
bid | 26650 | bugtraq | - 20080115 rPSA-2008-0015-1 cairo
- 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
| confirm | | debian | DSA-1542 | fedora | FEDORA-2007-3818 | fulldisc | 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. | gentoo | - GLSA-200712-04
- GLSA-200712-24
- GLSA-201209-25
| mandriva | MDVSA-2008:019 | misc | http://bugs.gentoo.org/show_bug.cgi?id=201860 | sectrack | 1019027 | secunia | - 27775
- 27819
- 27880
- 27887
- 27985
- 28289
- 28476
- 28529
- 28555
- 28838
- 29767
- 31707
- 31711
| slackware | SSA:2007-337-01 | suse | SUSE-SR:2008:003 | ubuntu | | vupen | - ADV-2007-4045
- ADV-2008-2466
| xf | cario-readpng-bo(38771) |
|
Last major update | 13-02-2023 - 02:18 |
Published | 30-11-2007 - 01:46 |
Last modified | 13-02-2023 - 02:18 |