Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.8
CVE Id: CVE-2007-5503
Last Modified: 14 May 2013 10:32:55
Published: 29 Nov 2007 08:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-5503

Summary

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.

Vulnerable Systems

Application

  • Redhat Cairo 1.4.10


References

REDHAT - RHSA-2007:1078

FEDORA - FEDORA-2007-3818

CONFIRM - https://issues.rpath.com/browse/RPL-1966

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=387431

XF - cario-readpng-bo(38771)

VUPEN - ADV-2008-2466

VUPEN - ADV-2007-4045

CONFIRM - http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

CONFIRM - http://www.vmware.com/support/server/doc/releasenotes_server.html

CONFIRM - http://www.vmware.com/support/player2/doc/releasenotes_player2.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0014.html

UBUNTU - USN-550-2

UBUNTU - USN-550-1

SECTRACK - 1019027

BID - 26650

BUGTRAQ - 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

BUGTRAQ - 20080115 rPSA-2008-0015-1 cairo

MANDRIVA - MDVSA-2008:019

GENTOO - GLSA-200712-24

DEBIAN - DSA-1542

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0015

SLACKWARE - SSA:2007-337-01

GENTOO - GLSA-200712-04

SECUNIA - 31711

SECUNIA - 31707

SECUNIA - 29767

SECUNIA - 28838

SECUNIA - 28555

SECUNIA - 28529

SECUNIA - 28476

SECUNIA - 28289

SECUNIA - 27985

SECUNIA - 27887

SECUNIA - 27880

SECUNIA - 27819

SECUNIA - 27775

SUSE - SUSE-SR:2008:003

CONFIRM - http://gitweb.freedesktop.org/?p=cairo;a=commitdiff_plain;h=6020f67f1a49cfe3844c4938d4af24c63c8424cc;hp=c79fc9af334fd6f2d1078071d64178125561b187

CONFIRM - http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=e49bcde27f88e21d5b8037a0089a226096f6514b

CONFIRM - http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360

MISC - http://bugs.gentoo.org/show_bug.cgi?id=201860

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=200350

GENTOO - GLSA-201209-25

Related Patches

VMware VMSA-2008-0014.3 VMware Workstation 6.5.1 for Windows (Update) (All Languages) (See Notes) (Rev 2)

VMware VMSA-2008-0014.3 VMware Server 2.0 for Windows (Update) (All Languages) (See Notes) (Rev 3)

VMware VMSA-2008-0014.3 VMware Player 2.5.1 for Windows (Update) (All Languages) (Rev 2)


Last Updated: 27 May 2016 10:47:25