Vulnerability CVE-2007-5503


Published: 2007-11-29   Modified: 2012-02-12

Description:
Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.

Vendor: Redhat
Product: Cairo 
Version: 1.4.10;

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://bugs.gentoo.org/show_bug.cgi?id=200350
http://bugs.gentoo.org/show_bug.cgi?id=201860
http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360
http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=e49bcde27f88e21d5b8037a0089a226096f6514b
http://gitweb.freedesktop.org/?p=cairo;a=commitdiff_plain;h=6020f67f1a49cfe3844c4938d4af24c63c8424cc;hp=c79fc9af334fd6f2d1078071d64178125561b187
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://rhn.redhat.com/errata/RHSA-2007-1078.html
http://security.gentoo.org/glsa/glsa-200712-04.xml
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.362119
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0015
http://www.debian.org/security/2008/dsa-1542
http://www.gentoo.org/security/en/glsa/glsa-200712-24.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:019
http://www.securityfocus.com/archive/1/archive/1/486405/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/495869/100/0/threaded
http://www.securityfocus.com/bid/26650
http://www.securitytracker.com/id?1019027
http://www.ubuntulinux.org/support/documentation/usn/usn-550-1
http://www.ubuntulinux.org/support/documentation/usn/usn-550-2
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2007/4045
http://www.vupen.com/english/advisories/2008/2466
https://bugzilla.redhat.com/show_bug.cgi?id=387431
https://exchange.xforce.ibmcloud.com/vulnerabilities/38771
https://issues.rpath.com/browse/RPL-1966
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11251
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00630.html

Related CVE
CVE-2018-3760
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application'...
CVE-2017-2672
A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those sy...
CVE-2018-1120
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w...
CVE-2018-1117
ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment ...
CVE-2018-1073
The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.
CVE-2018-12533
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData...
CVE-2018-1085
openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf...
CVE-2018-10850
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of servi...

Copyright 2018, cxsecurity.com

 

Back to Top