Launchpad.net

CVE 2007-1667

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.

Related bugs and status

CVE-2007-1667 (Candidate) is related to these bugs:

Bug #20599: imagemagick in combination with transcode fails (amd64)

Summary				In	Importance	Status
	20599	imagemagick in combination with transcode fails (amd64)		imagemagick (Ubuntu)	High	Fix Released
	20599	imagemagick in combination with transcode fails (amd64)		imagemagick (Debian)	Unknown	Fix Released

Bug #27767: Shell command injection in delegate code (via file names)

Summary				In	Importance	Status
	27767	Shell command injection in delegate code (via file names)		imagemagick (Ubuntu)	High	Fix Released
	27767	Shell command injection in delegate code (via file names)		imagemagick (Debian)	Unknown	Fix Released

Bug #27952: imagemagick: New format string vulnerability in SetImageInfo().

Summary				In	Importance	Status
	27952	imagemagick: New format string vulnerability in SetImageInfo().		imagemagick (Ubuntu)	High	Fix Released
	27952	imagemagick: New format string vulnerability in SetImageInfo().		imagemagick (Debian)	Unknown	Fix Released

Bug #28042: libmagick: array index overflow in DisplayImageCommand

Summary				In	Importance	Status
	28042	libmagick: array index overflow in DisplayImageCommand		imagemagick (Ubuntu)	High	Fix Released
	28042	libmagick: array index overflow in DisplayImageCommand		imagemagick (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugs.debian.org...
CONFIRM: https://bugzilla.redha...
MLIST: [xorg-announce] 200704...
CONFIRM: http://issues.foresigh...
CONFIRM: https://issues.rpath.c...
REDHAT: RHSA-2007:0126
REDHAT: RHSA-2007:0125
SECUNIA: 24741
SECUNIA: 24756
SECUNIA: 24745
SECUNIA: 24758
SECUNIA: 24765
SECUNIA: 24771
SECUNIA: 24791
CONFIRM: https://issues.rpath.c...
SECTRACK: 1017864
SECUNIA: 24739
SUSE: SUSE-SA:2007:027
UBUNTU: USN-453-1
SECUNIA: 24953
SECUNIA: 25004
REDHAT: RHSA-2007:0157
SUNALERT: 102888
SECUNIA: 24975
OPENBSD: [3.9] 021: SECURITY FI...
OPENBSD: [4.0] 011: SECURITY FI...
SUSE: SUSE-SR:2007:008
BID: 23300
CONFIRM: http://support.avaya.c...
GENTOO: GLSA-200705-06
SECUNIA: 25112
SECUNIA: 25072
SECUNIA: 25131
DEBIAN: DSA-1294
UBUNTU: USN-453-2
SECUNIA: 25305
UBUNTU: USN-481-1
SECUNIA: 25992
SECUNIA: 26177
MANDRIVA: MDKSA-2007:079
MANDRIVA: MDKSA-2007:147
GENTOO: GLSA-200805-07
SECUNIA: 30161
APPLE: APPLE-SA-2009-02-12
SECUNIA: 33937
DEBIAN: DSA-1858
SECUNIA: 36260
CONFIRM: http://support.apple.c...
VUPEN: ADV-2007-1217
VUPEN: ADV-2007-1531
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20070404 rPSA-2007-006...
BUGTRAQ: 20070405 FLEA-2007-000...