CVE-2007-1667

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.

🔗 References (108)

• secalert@redhathttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045
• secalert@redhathttp://issues.foresightlinux.org/browse/FL-223
• secalert@redhathttp://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
• secalert@redhathttp://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
• secalert@redhathttp://rhn.redhat.com/errata/RHSA-2007-0125.html
• secalert@redhathttp://secunia.com/advisories/24739
• secalert@redhathttp://secunia.com/advisories/24741
• secalert@redhathttp://secunia.com/advisories/24745
• secalert@redhathttp://secunia.com/advisories/24756
• secalert@redhathttp://secunia.com/advisories/24758
• secalert@redhathttp://secunia.com/advisories/24765
• secalert@redhathttp://secunia.com/advisories/24771
• secalert@redhathttp://secunia.com/advisories/24791
• secalert@redhathttp://secunia.com/advisories/24953
• secalert@redhathttp://secunia.com/advisories/24975