Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 201298

Summary: CVE-2007-5503 - Vulnerability in Cairo - Boundary Condition Error
Product: Gentoo Security Reporter: Kristian Poul Herkild <kristian>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Kristian Poul Herkild 2007-12-04 23:34:50 UTC 
Cairo is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to overflow a buffer and to corrupt process memory.

Attackers may be able to execute arbitrary machine code in the context of an affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects versions prior to Cairo 1.4.12.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-12-04 23:42:36 UTC 
Thanks for the report. Dupe though ;-)

*** This bug has been marked as a duplicate of bug 200350 ***