Vulnerability CVE-2007-3568

Vulnerability Name:

CVE-2007-3568 (CCN-35325)

Assigned:

2007-07-03

Published:

2007-07-03

Updated:

2017-07-29

Summary:

The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
2.1 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2007-3568

Source: CCN
Type: ImLib FTP Web site
Index of /pub/GNOME/sources/imlib

Source: OSVDB
Type: UNKNOWN
39016

Source: CCN
Type: SECTRACK ID: 1018332
imlib _LoadBMP() Function Endless Loop Lets Remote Users Deny Service

Source: CCN
Type: OSVDB ID: 39016
ImLib _LoadBMP Function BMP File Handling DoS

Source: CCN
Type: SecuriTeam 3 Jul. 2007
ImLib _LoadBMP Endless Loop (BPP, biBitCount)

Source: MISC
Type: Exploit
http://www.securiteam.com/unixfocus/5WP030UM0W.html

Source: BID
Type: UNKNOWN
24750

Source: CCN
Type: BID-24750
ImLib BMP Image _LoadBMP Function Denial of Service Vulnerability

Source: SECTRACK
Type: Exploit
1018332

Source: XF
Type: UNKNOWN
imlib-loadbmp-dos(35325)

Source: XF
Type: UNKNOWN
dotclear-redacteur-xss(35325)

Vulnerable Configuration:

Configuration 1:

cpe:/a:imlib:imlib:*:*:*:*:*:*:*:* (Version <= 1.9.15)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:26174	P	Security update for openexr (Moderate)	2021-12-01
oval:org.opensuse.security:def:20073568	V	CVE-2007-3568	2021-08-15
oval:org.opensuse.security:def:36421	P	imlib-1.9.14-401.20 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26046	P	Security update for libxml2 (Moderate)	2021-05-05
oval:org.opensuse.security:def:25971	P	Security update for fontforge (Moderate)	2020-12-04
oval:org.opensuse.security:def:25970	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:26746	P	libfreebl3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26312	P	Security update for dnsmasq (Important)	2020-12-01
oval:org.opensuse.security:def:26649	P	wireshark on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27384	P	cups-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26396	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26688	P	ecryptfs-utils-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27419	P	imlib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26547	P	freeradius-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26702	P	fuse on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26255	P	Security update for libqt4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26600	P	librpcsecgss on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25982	P	Security update for bash (Moderate)	2020-12-01

BACK