Upstream information

CVE-2007-1667 at MITRE

Description

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 9.3
Vector AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entries: 252958 [RESOLVED / FIXED], 258253 [RESOLVED / FIXED], 264218 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • libMagickCore1 >= 6.4.3.6-7.20.1
  • libMagickCore1-32bit >= 6.4.3.6-7.20.1
SUSE Linux Enterprise Server 11 SP2
  • libMagickCore1 >= 6.4.3.6-7.22.1
  • libMagickCore1-32bit >= 6.4.3.6-7.22.1
SUSE Linux Enterprise Server 11 SP3
  • libMagickCore1 >= 6.4.3.6-7.26.1
  • libMagickCore1-32bit >= 6.4.3.6-7.26.1
SUSE Linux Enterprise Server 11 SP4
  • libMagickCore1 >= 6.4.3.6-7.30.1
  • libMagickCore1-32bit >= 6.4.3.6-7.30.1
SUSE Linux Enterprise Software Development Kit 11 SP4
  • GraphicsMagick >= 1.2.5-4.33.1
  • ImageMagick >= 6.4.3.6-7.30.1
  • ImageMagick-devel >= 6.4.3.6-7.30.1
  • libGraphicsMagick2 >= 1.2.5-4.33.1
  • libMagick++-devel >= 6.4.3.6-7.30.1
  • libMagick++1 >= 6.4.3.6-7.30.1
  • libMagickWand1 >= 6.4.3.6-7.30.1
  • libMagickWand1-32bit >= 6.4.3.6-7.30.1
  • perl-GraphicsMagick >= 1.2.5-4.33.1
  • perl-PerlMagick >= 6.4.3.6-7.30.1