CVE-2007-1667
graphicsmagick - several
EPSS 2.1%
Description
Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
How to fix CVE-2007-1667
To remediate CVE-2007-1667, upgrade the affected package to a fixed version below.
- Debian/graphicsmagick—upgrade to 1.1.7-14 or later
- Debian/graphicsmagick—upgrade to 1.1.7-13+etch1 or later
- —upgrade to 7:6.2.4.5.dfsg1-1 or later
- —upgrade to 7:6.2.4.5.dfsg1-0.15+etch1 or later
- —upgrade to 2:1.0.3-7 or later
Is CVE-2007-1667 being exploited?
Low — EPSS is 2.1%, meaning exploitation activity has not been observed at scale.
Affected packages (5)
- from 0, < 1.1.7-14
- from 0, < 1.1.7-13+etch1
- from 0, < 7:6.2.4.5.dfsg1-1
- from 0, < 7:6.2.4.5.dfsg1-0.15+etch1
- from 0, < 2:1.0.3-7