Vulnerabilities > CVE-2007-5503 - Numeric Errors vulnerability in Redhat Cairo
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-019.NASL description Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with the privileges of the user opening the file. The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 36463 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36463 title Mandriva Linux Security Advisory : cairo (MDVSA-2008:019) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2008:019. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(36463); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:50"); script_cve_id("CVE-2007-5503"); script_bugtraq_id(26650); script_xref(name:"MDVSA", value:"2008:019"); script_name(english:"Mandriva Linux Security Advisory : cairo (MDVSA-2008:019)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with the privileges of the user opening the file. The updated packages have been patched to correct this issue." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cairo-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cairo-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cairo2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cairo2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cairo2-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcairo-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcairo-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcairo2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcairo2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcairo2-static-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/01/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64cairo2-1.2.4-2.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64cairo2-devel-1.2.4-2.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64cairo2-static-devel-1.2.4-2.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libcairo2-1.2.4-2.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libcairo2-devel-1.2.4-2.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libcairo2-static-devel-1.2.4-2.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64cairo2-1.4.2-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64cairo2-devel-1.4.2-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64cairo2-static-devel-1.4.2-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libcairo2-1.4.2-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libcairo2-devel-1.4.2-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libcairo2-static-devel-1.4.2-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64cairo-devel-1.4.10-2.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64cairo-static-devel-1.4.10-2.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64cairo2-1.4.10-2.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libcairo-devel-1.4.10-2.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libcairo-static-devel-1.4.10-2.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libcairo2-1.4.10-2.2mdv2008.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1078.NASL description Updated Cairo packages that resolve a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Cairo is a vector graphics library designed to provide high-quality display and print output. An integer overflow flaw was found in the way Cairo processes PNG images. If an application linked against Cairo processes a malicious PNG image, it is possible to execute arbitrary code as the user running the application. (CVE-2007-5503) Users of Cairo are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 28368 published 2007-11-30 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28368 title RHEL 5 : cairo (RHSA-2007:1078) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:1078. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(28368); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2007-5503"); script_bugtraq_id(26650); script_xref(name:"RHSA", value:"2007:1078"); script_name(english:"RHEL 5 : cairo (RHSA-2007:1078)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated Cairo packages that resolve a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Cairo is a vector graphics library designed to provide high-quality display and print output. An integer overflow flaw was found in the way Cairo processes PNG images. If an application linked against Cairo processes a malicious PNG image, it is possible to execute arbitrary code as the user running the application. (CVE-2007-5503) Users of Cairo are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-5503" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2007:1078" ); script_set_attribute( attribute:"solution", value:"Update the affected cairo and / or cairo-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cairo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cairo-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/29"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2007:1078"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", reference:"cairo-1.2.4-3.el5_1")) flag++; if (rpm_check(release:"RHEL5", reference:"cairo-devel-1.2.4-3.el5_1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cairo / cairo-devel"); } }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-550-1.NASL description Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 29214 published 2007-12-04 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29214 title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libcairo vulnerability (USN-550-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-550-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(29214); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2007-5503"); script_xref(name:"USN", value:"550-1"); script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libcairo vulnerability (USN-550-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/550-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcairo-directfb2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcairo-directfb2-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcairo2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcairo2-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcairo2-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06|6\.10|7\.04|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04 / 7.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"libcairo2", pkgver:"1.0.4-0ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libcairo2-dev", pkgver:"1.0.4-0ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libcairo2-doc", pkgver:"1.0.4-0ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libcairo-directfb2", pkgver:"1.2.4-1ubuntu2.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libcairo-directfb2-dev", pkgver:"1.2.4-1ubuntu2.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libcairo2", pkgver:"1.2.4-1ubuntu2.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libcairo2-dev", pkgver:"1.2.4-1ubuntu2.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libcairo2-doc", pkgver:"1.2.4-1ubuntu2.1")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"libcairo-directfb2", pkgver:"1.4.2-0ubuntu1.1")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"libcairo-directfb2-dev", pkgver:"1.4.2-0ubuntu1.1")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"libcairo2", pkgver:"1.4.2-0ubuntu1.1")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"libcairo2-dev", pkgver:"1.4.2-0ubuntu1.1")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"libcairo2-doc", pkgver:"1.4.2-0ubuntu1.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"libcairo-directfb2", pkgver:"1.4.10-1ubuntu4.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"libcairo-directfb2-dev", pkgver:"1.4.10-1ubuntu4.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"libcairo2", pkgver:"1.4.10-1ubuntu4.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"libcairo2-dev", pkgver:"1.4.10-1ubuntu4.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"libcairo2-doc", pkgver:"1.4.10-1ubuntu4.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libcairo-directfb2 / libcairo-directfb2-dev / libcairo2 / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_CAIRO-4947.NASL description This update of cairo fixes several integer overflows while decoding PNG images. This can be exploited remotely with user-assistance to execute arbitrary code. (CVE-2007-5503) last seen 2020-06-01 modified 2020-06-02 plugin id 30191 published 2008-02-06 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/30191 title openSUSE 10 Security Update : cairo (cairo-4947) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update cairo-4947. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(30191); script_version ("1.9"); script_cvs_date("Date: 2019/10/25 13:36:32"); script_cve_id("CVE-2007-5503"); script_name(english:"openSUSE 10 Security Update : cairo (cairo-4947)"); script_summary(english:"Check for the cairo-4947 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of cairo fixes several integer overflows while decoding PNG images. This can be exploited remotely with user-assistance to execute arbitrary code. (CVE-2007-5503)" ); script_set_attribute( attribute:"solution", value:"Update the affected cairo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cairo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cairo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cairo-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3"); script_set_attribute(attribute:"patch_publication_date", value:"2008/01/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1|SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2 / 10.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"cairo-1.0.2-27.19") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"cairo-devel-1.0.2-27.19") ) flag++; if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"cairo-32bit-1.0.2-27.19") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"cairo-1.2.4-10") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"cairo-devel-1.2.4-10") ) flag++; if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"cairo-32bit-1.2.4-10") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"cairo-1.4.10-25.2") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"cairo-devel-1.4.10-25.2") ) flag++; if ( rpm_check(release:"SUSE10.3", cpu:"x86_64", reference:"cairo-32bit-1.4.10-25.2") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cairo"); }NASL family Fedora Local Security Checks NASL id FEDORA_2007-3818.NASL description The latest stable upstream release of cairo fixes a number of memory handling errors, rendering errors, and contains some optimizations. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 30024 published 2008-01-21 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/30024 title Fedora 7 : cairo-1.4.14-1.fc7 (2007-3818) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2007-3818. # include("compat.inc"); if (description) { script_id(30024); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:26"); script_cve_id("CVE-2007-5503"); script_bugtraq_id(26650); script_xref(name:"FEDORA", value:"2007-3818"); script_name(english:"Fedora 7 : cairo-1.4.14-1.fc7 (2007-3818)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "The latest stable upstream release of cairo fixes a number of memory handling errors, rendering errors, and contains some optimizations. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=387431" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-January/006983.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f9563395" ); script_set_attribute( attribute:"solution", value: "Update the affected cairo, cairo-debuginfo and / or cairo-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cairo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cairo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cairo-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7"); script_set_attribute(attribute:"patch_publication_date", value:"2008/01/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC7", reference:"cairo-1.4.14-1.fc7")) flag++; if (rpm_check(release:"FC7", reference:"cairo-debuginfo-1.4.14-1.fc7")) flag++; if (rpm_check(release:"FC7", reference:"cairo-devel-1.4.14-1.fc7")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cairo / cairo-debuginfo / cairo-devel"); }NASL family Scientific Linux Local Security Checks NASL id SL_20071129_CAIRO_ON_SL5_X.NASL description An integer overflow flaw was found in the way Cairo processes PNG images. If an application linked against Cairo processes a malicious PNG image, it is possible to execute arbitrary code as the user running the application. (CVE-2007-5503) last seen 2020-06-01 modified 2020-06-02 plugin id 60317 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60317 title Scientific Linux Security Update : cairo on SL5.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(60317); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:17"); script_cve_id("CVE-2007-5503"); script_name(english:"Scientific Linux Security Update : cairo on SL5.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An integer overflow flaw was found in the way Cairo processes PNG images. If an application linked against Cairo processes a malicious PNG image, it is possible to execute arbitrary code as the user running the application. (CVE-2007-5503)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0711&L=scientific-linux-errata&T=0&P=4692 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?afdabaca" ); script_set_attribute( attribute:"solution", value:"Update the affected cairo and / or cairo-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"cairo-1.2.4-3.el5")) flag++; if (rpm_check(release:"SL5", reference:"cairo-devel-1.2.4-3.el5")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_CAIRO-4961.NASL description This update of cairo fixes several integer overflows while decoding PNG images. This can be exploited remotely with user-assistance to execute arbitrary code. (CVE-2007-5503) last seen 2020-06-01 modified 2020-06-02 plugin id 30192 published 2008-02-06 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/30192 title SuSE 10 Security Update : cairo (ZYPP Patch Number 4961) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1542.NASL description Peter Valchev (Google Security) discovered a series of integer overflow weaknesses in Cairo, a vector graphics rendering library used by many other applications. If an application uses cairo to render a maliciously crafted PNG image, the vulnerability allows the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 31948 published 2008-04-17 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31948 title Debian DSA-1542-1 : libcairo - integer overflow NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201209-25.NASL description The remote host is affected by the vulnerability described in GLSA-201209-25 (VMware Player, Server, Workstation: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VMware Player, Server, and Workstation. Please review the CVE identifiers referenced below for details. Impact : Local users may be able to gain escalated privileges, cause a Denial of Service, or gain sensitive information. A remote attacker could entice a user to open a specially crafted file, possibly resulting in the remote execution of arbitrary code, or a Denial of Service. Remote attackers also may be able to spoof DNS traffic, read arbitrary files, or inject arbitrary web script to the VMware Server Console. Furthermore, guest OS users may be able to execute arbitrary code on the host OS, gain escalated privileges on the guest OS, or cause a Denial of Service (crash the host OS). Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 62383 published 2012-10-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62383 title GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilities NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2008-0014.NASL description I Security Issues a. Setting ActiveX kill bit Starting from this release, VMware has set the kill bit on its ActiveX controls. Setting the kill bit ensures that ActiveX controls cannot run in Internet Explorer (IE), and avoids security issues involving ActiveX controls in IE. See the Microsoft KB article 240797 and the related references on this topic. Security vulnerabilities have been reported for ActiveX controls provided by VMware when run in IE. Under specific circumstances, exploitation of these ActiveX controls might result in denial-of- service or can allow running of arbitrary code when the user browses a malicious Web site or opens a malicious file in IE browser. An attempt to run unsafe ActiveX controls in IE might result in pop-up windows warning the user. Note: IE can be configured to run unsafe ActiveX controls without prompting. VMware recommends that you retain the default settings in IE, which prompts when unsafe actions are requested. Earlier, VMware had issued knowledge base articles, KB 5965318 and KB 9078920 on security issues with ActiveX controls. To avoid malicious scripts that exploit ActiveX controls, do not enable unsafe ActiveX objects in your browser settings. As a best practice, do not browse untrusted Web sites as an administrator and do not click OK or Yes if prompted by IE to allow certain actions. VMware would like to thank Julien Bachmann, Shennan Wang, Shinnai, and Michal Bucko for reporting these issues to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2007-5438, and CVE-2008-3696 to the security issues with VMware ActiveX controls. b. VMware ISAPI Extension Denial of Service The Internet Server Application Programming Interface (ISAPI) is an API that extends the functionality of Internet Information Server (IIS). VMware uses ISAPI extensions in its Server product. One of the ISAPI extensions provided by VMware is vulnerable to a remote denial of service. By sending a malformed request, IIS might shut down. IIS 6.0 restarts automatically. However, IIS 5.0 does not restart automatically when its Startup Type is set to Manual. VMware would like to thank the Juniper Networks J-Security Security Research Team for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-3697 to this issue. c. OpenProcess Local Privilege Escalation on Host System This release fixes a privilege escalation vulnerability in host systems. Exploitation of this vulnerability allows users to run arbitrary code on the host system with elevated privileges. VMware would like to thank Sun Bing from McAfee, Inc. for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-3698 to this issue. d. Update to Freetype FreeType 2.3.6 resolves an integer overflow vulnerability and other vulnerabilities that can allow malicious users to run arbitrary code or might cause a denial-of-service after reading a maliciously crafted file. This release updates FreeType to 2.3.7. The Common Vulnerabilities and Exposures Project (cve.mitre.com) has assigned the names CVE-2008-1806, CVE-2008-1807, and CVE-2008-1808 to the issues resolved in Freetype 2.3.6. e. Update to Cairo Cairo 1.4.12 resolves an integer overflow vulnerability that can allow malicious users to run arbitrary code or might cause a denial-of-service after reading a maliciously crafted PNG file. This release updates Cairo to 1.4.14. The Common Vulnerabilities and Exposures (cve.mitre.com) has assigned the name CVE-2007-5503 to this issue. f. VMware Consolidated Backup (VCB) command-line utilities may expose sensitive information VMware Consolidated Backup command-line utilities accept the user password through the -p command-line option. Users logged into the ESX service console or into the system that runs VCB could gain access to the username and password used by VCB command-line utilities when such commands are running. The ESX patch and the new version of VCB resolve this issue by providing an alternative way of passing the password used by VCB command-line utilities. VCB in ESX ---------- The following options are recommended for passing the password : 1. The password is specified in /etc/backuptools.conf (PASSWORD=xxxxx), and -p is not used in the command line. /etc/backuptools.conf file permissions are read/write only for root. 2. No password is specified in /etc/backuptools.conf and the -p option is not used in the command line. The user will be prompted to enter a password. ESX is not affected unless you use VCB. Stand-alone VCB --------------- The following options are recommended for passing the password : 1. The password is specified in config.js (PASSWORD=xxxxx), and -p is not used in the command line. The file permissions on config.js are read/write only for the administrator. The config.js file is located in folder last seen 2020-06-01 modified 2020-06-02 plugin id 40382 published 2009-07-27 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40382 title VMSA-2008-0014 : Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX, VMware VCB address information disclosure, privilege escalation and other security issues. NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2007-337-01.NASL description New cairo packages are available for Slackware 11.0, 12.0, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 29189 published 2007-12-04 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29189 title Slackware 11.0 / 12.0 / current : cairo (SSA:2007-337-01) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200712-04.NASL description The remote host is affected by the vulnerability described in GLSA-200712-04 (Cairo: User-assisted execution of arbitrary code) Multiple integer overflows were reported, one of which Peter Valchev (Google Security) found to be leading to a heap-based buffer overflow in the cairo_image_surface_create_from_png() function that processes PNG images. Impact : A remote attacker could entice a user to view or process a specially crafted PNG image file in an application linked against Cairo, possibly leading to the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 29291 published 2007-12-11 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29291 title GLSA-200712-04 : Cairo: User-assisted execution of arbitrary code
Oval
| accepted | 2013-04-29T04:12:40.867-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:11251 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
| title | Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function. | ||||||||||||
| version | 19 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://rhn.redhat.com/errata/RHSA-2007-1078.html
- http://bugs.gentoo.org/show_bug.cgi?id=200350
- http://security.gentoo.org/glsa/glsa-200712-04.xml
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.362119
- http://www.securitytracker.com/id?1019027
- http://secunia.com/advisories/27819
- http://secunia.com/advisories/27775
- http://secunia.com/advisories/27887
- http://secunia.com/advisories/27985
- http://bugs.gentoo.org/show_bug.cgi?id=201860
- http://www.gentoo.org/security/en/glsa/glsa-200712-24.xml
- http://secunia.com/advisories/28289
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0015
- https://issues.rpath.com/browse/RPL-1966
- http://secunia.com/advisories/28476
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00630.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:019
- http://secunia.com/advisories/28529
- http://secunia.com/advisories/28555
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
- http://secunia.com/advisories/28838
- http://www.securityfocus.com/bid/26650
- http://secunia.com/advisories/27880
- http://www.debian.org/security/2008/dsa-1542
- http://secunia.com/advisories/29767
- http://www.vmware.com/security/advisories/VMSA-2008-0014.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
- http://www.vmware.com/support/player2/doc/releasenotes_player2.html
- http://www.vmware.com/support/server/doc/releasenotes_server.html
- http://secunia.com/advisories/31707
- http://secunia.com/advisories/31711
- http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
- http://www.vupen.com/english/advisories/2008/2466
- http://www.vupen.com/english/advisories/2007/4045
- https://bugzilla.redhat.com/show_bug.cgi?id=387431
- http://security.gentoo.org/glsa/glsa-201209-25.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38771
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11251
- https://usn.ubuntu.com/550-2/
- https://usn.ubuntu.com/550-1/
- http://www.securityfocus.com/archive/1/495869/100/0/threaded
- http://www.securityfocus.com/archive/1/486405/100/0/threaded
- http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=e49bcde27f88e21d5b8037a0089a226096f6514b
- http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360
- http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff_plain%3Bh=6020f67f1a49cfe3844c4938d4af24c63c8424cc%3Bhp=c79fc9af334fd6f2d1078071d64178125561b187