Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libx11 | X.org | * | 1.0.2 (including) |
| Red Hat Enterprise Linux 2.1 | RedHat | XFree86-0:4.1.0-82.EL | * |
| Red Hat Enterprise Linux 3 | RedHat | XFree86-0:4.3.0-120.EL | * |
| Red Hat Enterprise Linux 4 | RedHat | xorg-x11-0:6.8.2-1.EL.13.37.7 | * |
| Red Hat Enterprise Linux 5 | RedHat | libX11-0:1.0.3-8.0.1.el5 | * |
| Red Hat Enterprise Linux 5 | RedHat | xorg-x11-apps-0:7.1-4.0.1.el5 | * |
| Graphicsmagick | Ubuntu | devel | * |
| Graphicsmagick | Ubuntu | edgy | * |
| Graphicsmagick | Ubuntu | feisty | * |
| Graphicsmagick | Ubuntu | gutsy | * |
| Graphicsmagick | Ubuntu | hardy | * |
| Imagemagick | Ubuntu | dapper | * |
| Imagemagick | Ubuntu | devel | * |
| Imagemagick | Ubuntu | edgy | * |
| Imagemagick | Ubuntu | feisty | * |
| Imagemagick | Ubuntu | gutsy | * |
| Imagemagick | Ubuntu | hardy | * |
| Libx11 | Ubuntu | dapper | * |
| Libx11 | Ubuntu | devel | * |
| Libx11 | Ubuntu | edgy | * |
| Libx11 | Ubuntu | feisty | * |
| Libx11 | Ubuntu | gutsy | * |
| Libx11 | Ubuntu | hardy | * |