QwikSec

Security Database

CVE

CWE

Training

CVE-2007-4988

Published: Sep 24, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_REDHAT

20071112 FLEA-2007-0066-1 ImageMagick

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

http://www.imagemagick.org/script/changelog.php

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

20070919 Multiple Vendor ImageMagick Sign Extension Vulnerability

third-party-advisory

x_refsource_IDEFENSE

vendor-advisory

x_refsource_GENTOO

vdb-entry

x_refsource_SECTRACK

third-party-advisory

x_refsource_SECUNIA

imagemagick-readdibimage-bo(36737)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

https://issues.rpath.com/browse/RPL-1743

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

[Magick-announce] 20070917 ImageMagick 6.3.5-9, important security updates

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_MANDRIVA

oval:org.mitre.oval:def:9656

vdb-entry

signature

x_refsource_OVAL

http://bugs.gentoo.org/show_bug.cgi?id=186030

x_refsource_CONFIRM

SUSE-SR:2007:023

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.