Search for vulnerabilities
Vulnerability details: VCID-gxzw-qhsm-aaaa
Vulnerability ID VCID-gxzw-qhsm-aaaa
Aliases CVE-2007-1667
Summary Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
Status Published
Exploitability 0.5
Weighted Severity 8.4
Risk 4.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-189 Numeric Errors
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2007:0125
rhas Important https://access.redhat.com/errata/RHSA-2007:0126
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0157
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.0114 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.02745 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.08353 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.08353 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.08353 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.08353 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.08353 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.08353 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.08353 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.08353 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.08353 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.08353 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.08353 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.08353 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.08353 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.12838 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
epss 0.12838 https://api.first.org/data/v1/epss?cve=CVE-2007-1667
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=231684
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2007-1667
Reference id Reference type URL
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045
http://issues.foresightlinux.org/browse/FL-223
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
http://rhn.redhat.com/errata/RHSA-2007-0125.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1667.json
https://api.first.org/data/v1/epss?cve=CVE-2007-1667
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231684
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667
http://secunia.com/advisories/24739
http://secunia.com/advisories/24741
http://secunia.com/advisories/24745
http://secunia.com/advisories/24756
http://secunia.com/advisories/24758
http://secunia.com/advisories/24765
http://secunia.com/advisories/24771
http://secunia.com/advisories/24791
http://secunia.com/advisories/24953
http://secunia.com/advisories/24975
http://secunia.com/advisories/25004
http://secunia.com/advisories/25072
http://secunia.com/advisories/25112
http://secunia.com/advisories/25131
http://secunia.com/advisories/25305
http://secunia.com/advisories/25992
http://secunia.com/advisories/26177
http://secunia.com/advisories/30161
http://secunia.com/advisories/33937
http://secunia.com/advisories/36260
http://security.gentoo.org/glsa/glsa-200705-06.xml
https://issues.rpath.com/browse/RPL-1211
https://issues.rpath.com/browse/RPL-1213
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1693
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9776
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102888-1
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2007-176.htm
http://www.debian.org/security/2007/dsa-1294
http://www.debian.org/security/2009/dsa-1858
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
http://www.mandriva.com/security/advisories?name=MDKSA-2007:147
http://www.novell.com/linux/security/advisories/2007_27_x.html
http://www.novell.com/linux/security/advisories/2007_8_sr.html
http://www.openbsd.org/errata39.html#021_xorg
http://www.openbsd.org/errata40.html#011_xorg
http://www.redhat.com/support/errata/RHSA-2007-0126.html
http://www.redhat.com/support/errata/RHSA-2007-0157.html
http://www.securityfocus.com/archive/1/464686/100/0/threaded
http://www.securityfocus.com/archive/1/464816/100/0/threaded
http://www.securityfocus.com/bid/23300
http://www.securitytracker.com/id?1017864
http://www.ubuntu.com/usn/usn-453-1
http://www.ubuntu.com/usn/usn-453-2
http://www.ubuntu.com/usn/usn-481-1
http://www.vupen.com/english/advisories/2007/1217
http://www.vupen.com/english/advisories/2007/1531
231684 https://bugzilla.redhat.com/show_bug.cgi?id=231684
414045 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
cpe:2.3:a:x.org:libx11:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:x.org:libx11:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
CVE-2007-1667 https://nvd.nist.gov/vuln/detail/CVE-2007-1667
GLSA-200705-06 https://security.gentoo.org/glsa/200705-06
RHSA-2007:0125 https://access.redhat.com/errata/RHSA-2007:0125
RHSA-2007:0126 https://access.redhat.com/errata/RHSA-2007:0126
RHSA-2007:0157 https://access.redhat.com/errata/RHSA-2007:0157
USN-453-1 https://usn.ubuntu.com/453-1/
USN-481-1 https://usn.ubuntu.com/481-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2007-1667
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.76479
EPSS Score 0.0114
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.