201298 – CVE-2007-5503 - Vulnerability in Cairo - Boundary Condition Error

Bug 201298 - CVE-2007-5503 - Vulnerability in Cairo - Boundary Condition Error

Summary: CVE-2007-5503 - Vulnerability in Cairo - Boundary Condition Error

Status:	RESOLVED DUPLICATE of bug 200350

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-12-04 23:34 UTC by Kristian Poul Herkild
Modified:	2007-12-04 23:42 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kristian Poul Herkild 2007-12-04 23:34:50 UTC

Cairo is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to overflow a buffer and to corrupt process memory.

Attackers may be able to execute arbitrary machine code in the context of an affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects versions prior to Cairo 1.4.12.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2007-12-04 23:42:36 UTC

Thanks for the report. Dupe though ;-)

*** This bug has been marked as a duplicate of bug 200350 ***