{"api_version":"1","generated_at":"2026-04-24T20:39:33+00:00","cve":"CVE-2007-5503","urls":{"html":"https://cve.report/CVE-2007-5503","api":"https://cve.report/api/cve/CVE-2007-5503.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-5503","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-5503"},"summary":{"title":"CVE-2007-5503","description":"Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.","state":"PUBLISHED","assigner":"redhat","published_at":"2007-11-30 01:46:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-189","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=387431","name":"https://bugzilla.redhat.com/show_bug.cgi?id=387431","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Bug 387431 – CVE-2007-5503 cairo integer overflow","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2008/dsa-1542","name":"http://www.debian.org/security/2008/dsa-1542","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-1542-1 libcairo","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://bugs.gentoo.org/show_bug.cgi?id=200350","name":"http://bugs.gentoo.org/show_bug.cgi?id=200350","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Bug 200350 - x11-libs/cairo <1.4.12 Buffer overflow in read_png() (CVE-2007-5503)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27887","name":"http://secunia.com/advisories/27887","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Ubuntu update for cairo - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28476","name":"http://secunia.com/advisories/28476","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"rPath update for cairo - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28289","name":"http://secunia.com/advisories/28289","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Gentoo update for emul-linux-x86-gtklibs - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27819","name":"http://secunia.com/advisories/27819","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Red Hat update for cairo - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0015","name":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0015","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://www.securityfocus.com/archive/1/495869/100/0/threaded","name":"http://www.securityfocus.com/archive/1/495869/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200712-04.xml","name":"http://security.gentoo.org/glsa/glsa-200712-04.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Linux Documentation\n--\n  Cairo: User-assisted execution of arbitrary code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/support/server/doc/releasenotes_server.html","name":"http://www.vmware.com/support/server/doc/releasenotes_server.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware Server Release Notes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/26650","name":"http://www.securityfocus.com/bid/26650","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Cairo PNG Image Processing Remote Integer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/27880","name":"http://secunia.com/advisories/27880","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Cairo PNG Image Processing Integer Overflow - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://issues.rpath.com/browse/RPL-1966","name":"https://issues.rpath.com/browse/RPL-1966","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html","name":"http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] SUSE Security Summary Report SUSE-SR:2008:003","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://bugs.gentoo.org/show_bug.cgi?id=201860","name":"http://bugs.gentoo.org/show_bug.cgi?id=201860","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Bug 201860 - app-emulation/emul-linux-x86-gtklibs < 20071210 Merge newer cairo (CVE-2007-5503)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/550-2/","name":"https://usn.ubuntu.com/550-2/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"USN-550-2: Cairo regression | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27985","name":"http://secunia.com/advisories/27985","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Gentoo update for cairo - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11251","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11251","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.362119","name":"http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.362119","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"The Slackware Linux Project: Slackware Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/29767","name":"http://secunia.com/advisories/29767","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Debian update for libcairo - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28838","name":"http://secunia.com/advisories/28838","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"SUSE Update for Multiple Packages - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28529","name":"http://secunia.com/advisories/28529","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Fedora update for cairo - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html","name":"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware Workstation 6 Release Notes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/2466","name":"http://www.vupen.com/english/advisories/2008/2466","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/security/advisories/VMSA-2008-0014.html","name":"http://www.vmware.com/security/advisories/VMSA-2008-0014.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMSA-2008-0014.3 - VMware","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2007-1078.html","name":"http://rhn.redhat.com/errata/RHSA-2007-1078.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://www.vmware.com/support/player2/doc/releasenotes_player2.html","name":"http://www.vmware.com/support/player2/doc/releasenotes_player2.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware Player Release Notes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00630.html","name":"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00630.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 7 Update: cairo-1.4.14-1.fc7","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/4045","name":"http://www.vupen.com/english/advisories/2007/4045","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-201209-25.xml","name":"http://security.gentoo.org/glsa/glsa-201209-25.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Linux Documentation\n--\n  VMware Player, Server, Workstation: Multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1019027","name":"http://www.securitytracker.com/id?1019027","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Cairo Integer Overflow in Processing PNG Files Lets Remote Users Execute Arbitrary Code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/486405/100/0/threaded","name":"http://www.securityfocus.com/archive/1/486405/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27775","name":"http://secunia.com/advisories/27775","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Slackware update for cairo - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360","name":"http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"freedesktop.org git - cairo/commitdiff","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:019","name":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:019","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Support / Security / Advisories /  / MDVSA-2008:019 | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/38771","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/38771","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200712-24.xml","name":"http://www.gentoo.org/security/en/glsa/glsa-200712-24.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Linux Documentation\n--\n  AMD64 x86 emulation GTK+ library: User-assisted execution of arbitrary code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/550-1/","name":"https://usn.ubuntu.com/550-1/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"USN-550-1: Cairo vulnerability | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31711","name":"http://secunia.com/advisories/31711","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"VMware Fusion Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28555","name":"http://secunia.com/advisories/28555","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Mandriva update for cairo - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31707","name":"http://secunia.com/advisories/31707","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"VMware Workstation Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=e49bcde27f88e21d5b8037a0089a226096f6514b","name":"http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=e49bcde27f88e21d5b8037a0089a226096f6514b","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"freedesktop.org git - cairo/commitdiff","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html","name":"http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[Full-disclosure] VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff_plain%3Bh=6020f67f1a49cfe3844c4938d4af24c63c8424cc%3Bhp=c79fc9af334fd6f2d1078071d64178125561b187","name":"http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff_plain%3Bh=6020f67f1a49cfe3844c4938d4af24c63c8424cc%3Bhp=c79fc9af334fd6f2d1078071d64178125561b187","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"cgit.freedesktop.org http git virtual host","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360","name":"CONFIRM:http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360","refsource":"MITRE","tags":[],"title":"freedesktop.org git - cairo/commitdiff","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=e49bcde27f88e21d5b8037a0089a226096f6514b","name":"CONFIRM:http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=e49bcde27f88e21d5b8037a0089a226096f6514b","refsource":"MITRE","tags":[],"title":"freedesktop.org git - cairo/commitdiff","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://gitweb.freedesktop.org/?p=cairo;a=commitdiff_plain;h=6020f67f1a49cfe3844c4938d4af24c63c8424cc;hp=c79fc9af334fd6f2d1078071d64178125561b187","name":"CONFIRM:http://gitweb.freedesktop.org/?p=cairo;a=commitdiff_plain;h=6020f67f1a49cfe3844c4938d4af24c63c8424cc;hp=c79fc9af334fd6f2d1078071d64178125561b187","refsource":"MITRE","tags":[],"title":"cgit.freedesktop.org http git virtual host","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2007:1078","name":"MISC:https://access.redhat.com/errata/RHSA-2007:1078","refsource":"MITRE","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2007-5503","name":"MISC:https://access.redhat.com/security/cve/CVE-2007-5503","refsource":"MITRE","tags":[],"title":"access.redhat.com | CVE-2007-5503","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-5503","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5503","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"5503","vulnerable":"1","versionEndIncluding":"1.4.10","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"cairo","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T15:31:58.821Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://issues.rpath.com/browse/RPL-1966"},{"name":"USN-550-2","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"https://usn.ubuntu.com/550-2/"},{"name":"GLSA-201209-25","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://security.gentoo.org/glsa/glsa-201209-25.xml"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/security/advisories/VMSA-2008-0014.html"},{"name":"28529","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28529"},{"name":"28555","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28555"},{"name":"27985","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/27985"},{"name":"27880","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/27880"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0015"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=387431"},{"name":"SSA:2007-337-01","tags":["vendor-advisory","x_refsource_SLACKWARE","x_transferred"],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.362119"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=e49bcde27f88e21d5b8037a0089a226096f6514b"},{"name":"DSA-1542","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2008/dsa-1542"},{"name":"28289","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28289"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/support/server/doc/releasenotes_server.html"},{"name":"28476","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28476"},{"name":"27887","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/27887"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://bugs.gentoo.org/show_bug.cgi?id=201860"},{"name":"26650","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/26650"},{"name":"cario-readpng-bo(38771)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/38771"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/support/player2/doc/releasenotes_player2.html"},{"name":"GLSA-200712-24","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200712-24.xml"},{"name":"MDVSA-2008:019","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:019"},{"name":"27819","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/27819"},{"name":"USN-550-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"https://usn.ubuntu.com/550-1/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://bugs.gentoo.org/show_bug.cgi?id=200350"},{"name":"FEDORA-2007-3818","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00630.html"},{"name":"GLSA-200712-04","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://security.gentoo.org/glsa/glsa-200712-04.xml"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"},{"name":"ADV-2007-4045","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/4045"},{"name":"20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/495869/100/0/threaded"},{"name":"31711","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31711"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff_plain%3Bh=6020f67f1a49cfe3844c4938d4af24c63c8424cc%3Bhp=c79fc9af334fd6f2d1078071d64178125561b187"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360"},{"name":"20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"},{"name":"31707","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31707"},{"name":"oval:org.mitre.oval:def:11251","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11251"},{"name":"1019027","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1019027"},{"name":"28838","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28838"},{"name":"27775","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/27775"},{"name":"SUSE-SR:2008:003","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"},{"name":"29767","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/29767"},{"name":"20080115 rPSA-2008-0015-1 cairo","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/486405/100/0/threaded"},{"name":"RHSA-2007:1078","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2007-1078.html"},{"name":"ADV-2008-2466","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/2466"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-11-29T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-15T20:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://issues.rpath.com/browse/RPL-1966"},{"name":"USN-550-2","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"https://usn.ubuntu.com/550-2/"},{"name":"GLSA-201209-25","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://security.gentoo.org/glsa/glsa-201209-25.xml"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/security/advisories/VMSA-2008-0014.html"},{"name":"28529","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28529"},{"name":"28555","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28555"},{"name":"27985","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/27985"},{"name":"27880","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/27880"},{"tags":["x_refsource_CONFIRM"],"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0015"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=387431"},{"name":"SSA:2007-337-01","tags":["vendor-advisory","x_refsource_SLACKWARE"],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.362119"},{"tags":["x_refsource_CONFIRM"],"url":"http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=e49bcde27f88e21d5b8037a0089a226096f6514b"},{"name":"DSA-1542","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2008/dsa-1542"},{"name":"28289","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28289"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/support/server/doc/releasenotes_server.html"},{"name":"28476","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28476"},{"name":"27887","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/27887"},{"tags":["x_refsource_MISC"],"url":"http://bugs.gentoo.org/show_bug.cgi?id=201860"},{"name":"26650","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/26650"},{"name":"cario-readpng-bo(38771)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/38771"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/support/player2/doc/releasenotes_player2.html"},{"name":"GLSA-200712-24","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200712-24.xml"},{"name":"MDVSA-2008:019","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:019"},{"name":"27819","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/27819"},{"name":"USN-550-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"https://usn.ubuntu.com/550-1/"},{"tags":["x_refsource_CONFIRM"],"url":"http://bugs.gentoo.org/show_bug.cgi?id=200350"},{"name":"FEDORA-2007-3818","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00630.html"},{"name":"GLSA-200712-04","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://security.gentoo.org/glsa/glsa-200712-04.xml"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"},{"name":"ADV-2007-4045","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/4045"},{"name":"20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/495869/100/0/threaded"},{"name":"31711","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31711"},{"tags":["x_refsource_CONFIRM"],"url":"http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff_plain%3Bh=6020f67f1a49cfe3844c4938d4af24c63c8424cc%3Bhp=c79fc9af334fd6f2d1078071d64178125561b187"},{"tags":["x_refsource_CONFIRM"],"url":"http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360"},{"name":"20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"},{"name":"31707","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31707"},{"name":"oval:org.mitre.oval:def:11251","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11251"},{"name":"1019027","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1019027"},{"name":"28838","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28838"},{"name":"27775","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/27775"},{"name":"SUSE-SR:2008:003","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"},{"name":"29767","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/29767"},{"name":"20080115 rPSA-2008-0015-1 cairo","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/486405/100/0/threaded"},{"name":"RHSA-2007:1078","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2007-1078.html"},{"name":"ADV-2008-2466","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/2466"}]}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2007-5503","datePublished":"2007-11-30T01:00:00.000Z","dateReserved":"2007-10-17T00:00:00.000Z","dateUpdated":"2024-08-07T15:31:58.821Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-11-30 01:46:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-189","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:cairo:*:*:*:*:*:*:*:*","versionEndIncluding":"1.4.10","matchCriteriaId":"CAC9C111-86AD-4EF5-9786-4DDE6C378852"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"5503","Ordinal":"1","Title":"CVE-2007-5503","CVE":"CVE-2007-5503","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"5503","Ordinal":"1","NoteData":"Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.","Type":"Description","Title":"CVE-2007-5503"},{"CveYear":"2007","CveId":"5503","Ordinal":"2","NoteData":"2007-11-29","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"5503","Ordinal":"3","NoteData":"2018-10-15","Type":"Other","Title":"Modified"}]}}}