ID CVE-2007-4987 Type cve Reporter NVD Modified 2017-07-28T21:33:19
Description
Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address.
{"result": {"seebug": [{"id": "SSV:2248", "type": "seebug", "title": "ImageMagick blob.c\u6587\u4ef6\u5355\u5b57\u8282\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "description": "BUGTRAQ ID: 25766\r\nCVE(CAN) ID: CVE-2007-4987\r\n\r\nImageMagick\u662f\u4e00\u6b3eUnix/Linux\u5e73\u53f0\u4e0b\u5f00\u6e90\u7684\u56fe\u50cf\u67e5\u770b\u548c\u7f16\u8f91\u5de5\u5177\u3002\r\n\r\nImageMagick\u5728\u5904\u7406\u7578\u5f62\u683c\u5f0f\u7684\u6587\u4ef6\u65f6\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u6253\u5f00\u5904\u7406\u6076\u610f\u6587\u4ef6\u63a7\u5236\u7cfb\u7edf\u3002\r\n\r\nmagick/blob.c\u6587\u4ef6\u4e2d\u7684ReadBlobString()\u51fd\u6570\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff1a\r\n\r\n 3110 for (i=0; i < (long) MaxTextExtent; i++)\r\n 3111 {\r\n 3112 p=ReadBlobStream(image,1,buffer,&count);\r\n ...\r\n 3119 string[i]=(char) (*p);\r\n 3120 if ((string[i] == '\\n') || (string[i] == '\\r'))\r\n 3121 break;\r\n 3122 }\r\n 3123 string[i]='\\0';\r\n\r\nstring\u53d8\u91cf\u662fMaxTextExtent\u957f\u5ea6\u7684\u5b57\u7b26\u6570\u7ec4\uff0c\u5982\u679c\u201ci\u201d\u6070\u597d\u4e3aMaxTextExtent\u7684\u8bdd\u5c31\u4f1a\u57283123\u884c\u89e6\u53d1\u5355\u5b57\u8282\u6ea2\u51fa\u3002\u6709\u591a\u4e2a\u56fe\u5f62\u6587\u4ef6\u5904\u7406\u4f8b\u7a0b\u53ef\u4ee5\u89e6\u53d1\u8fd9\u4e2a\u51fd\u6570\uff0c\u5927\u591a\u6570\u60c5\u51b5\u4e0b\u89e6\u53d1\u7684\u90fd\u662f\u6808\u6ea2\u51fa\uff0c\u4f46\u4e5f\u53ef\u80fd\u4e3a\u5806\u6ea2\u51fa\u3002\r\n\r\n\n\nImageMagick ImageMagick < 6.3.5-9\n \u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick-6.3.5-10.tar.gz\" target=\"_blank\">ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick-6.3.5-10.tar.gz</a>", "published": "2007-09-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-2248", "cvelist": ["CVE-2007-4987"], "lastseen": "2017-11-19T21:57:39"}], "openvas": [{"id": "OPENVAS:840140", "type": "openvas", "title": "Ubuntu Update for imagemagick vulnerabilities USN-523-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-523-1", "published": "2009-03-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=840140", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-4988", "CVE-2007-4987"], "lastseen": "2017-12-04T11:29:33"}, {"id": "OPENVAS:58785", "type": "openvas", "title": "FreeBSD Ports: ImageMagick, ImageMagick-nox11", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=58785", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-4988", "CVE-2007-4987"], "lastseen": "2017-07-02T21:10:14"}, {"id": "OPENVAS:830377", "type": "openvas", "title": "Mandriva Update for ImageMagick MDVSA-2008:035 (ImageMagick)", "description": "Check for the Version of ImageMagick", "published": "2009-04-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830377", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-4988", "CVE-2007-4987"], "lastseen": "2017-07-24T12:57:14"}, {"id": "OPENVAS:1361412562310830377", "type": "openvas", "title": "Mandriva Update for ImageMagick MDVSA-2008:035 (ImageMagick)", "description": "Check for the Version of ImageMagick", "published": "2009-04-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830377", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-4988", "CVE-2007-4987"], "lastseen": "2018-04-09T11:41:50"}, {"id": "OPENVAS:58706", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200710-27 (imagemagick)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200710-27.", "published": "2008-09-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=58706", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-4988", "CVE-2007-4987"], "lastseen": "2017-07-24T12:50:11"}, {"id": "OPENVAS:136141256231064637", "type": "openvas", "title": "Debian Security Advisory DSA 1858-1 (imagemagick)", "description": "The remote host is missing an update to imagemagick\nannounced via advisory DSA 1858-1.", "published": "2009-08-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064637", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-1667", "CVE-2007-4988", "CVE-2007-4987", "CVE-2008-1096", "CVE-2008-1097", "CVE-2007-1797", "CVE-2009-1882"], "lastseen": "2018-04-06T11:37:23"}, {"id": "OPENVAS:64637", "type": "openvas", "title": "Debian Security Advisory DSA 1858-1 (imagemagick)", "description": "The remote host is missing an update to imagemagick\nannounced via advisory DSA 1858-1.", "published": "2009-08-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64637", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-1667", "CVE-2007-4988", "CVE-2007-4987", "CVE-2008-1096", "CVE-2008-1097", "CVE-2007-1797", "CVE-2009-1882"], "lastseen": "2017-07-24T12:56:05"}], "nessus": [{"id": "SUSE_IMAGEMAGICK-4543.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : ImageMagick (ImageMagick-4543)", "description": "This update of ImageMagick fixes several vulnerabilities.\n\n - CVE-2007-4985: infinite loop while parsing images\n\n - CVE-2007-4986: integer overflows that can lead to code execution\n\n - CVE-2007-4987: one-byte buffer overflow that can lead to code execution (SLES8- and SLES9-based products are not affected)\n\n - CVE-2007-4988: integer overflows that can lead to code execution", "published": "2007-11-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27604", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-4988", "CVE-2007-4987"], "lastseen": "2017-10-29T13:37:22"}, {"id": "UBUNTU_USN-523-1.NASL", "type": "nessus", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 : imagemagick vulnerabilities (USN-523-1)", "description": "Multiple vulnerabilities were found in the image decoders of ImageMagick. If a user or automated system were tricked into processing a malicious DCM, DIB, XBM, XCF, or XWD image, a remote attacker could execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2007-11-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=28128", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-4988", "CVE-2007-4987"], "lastseen": "2017-10-29T13:34:22"}, {"id": "MANDRIVA_MDVSA-2008-035.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : ImageMagick (MDVSA-2008:035)", "description": "Multiple vulnerabilities were discovered in the image decoders of ImageMagick. If a user or automated system were tricked into processing malicious DCM, DIB, XBM, XCF, or XWD images, a remote attacker could execute arbitrary code with user privileges.\n\nThe updated packages have been patched to correct these issues.", "published": "2009-04-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=37331", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-4988", "CVE-2007-4987"], "lastseen": "2017-10-29T13:41:39"}, {"id": "FREEBSD_PKG_F5B29EC071F911DC8C6A00304881AC9A.NASL", "type": "nessus", "title": "FreeBSD : ImageMagick -- multiple vulnerabilities (f5b29ec0-71f9-11dc-8c6a-00304881ac9a)", "description": "Multiple vulnerabilities have been discovered in ImageMagick.\n\nImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls.\n\nMultiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow.\n\nOff-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\\0' character to an out-of-bounds address.\n\nSign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.", "published": "2007-10-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=26978", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-4988", "CVE-2007-4987"], "lastseen": "2017-10-29T13:36:39"}, {"id": "SUSE_IMAGEMAGICK-4541.NASL", "type": "nessus", "title": "SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 4541)", "description": "This update of ImageMagick fixes several vulnerabilities.\n\n - infinite loop while parsing images. (CVE-2007-4985)\n\n - integer overflows that can lead to code execution.\n (CVE-2007-4986)\n\n - one-byte buffer overflow that can lead to code execution (SLES8- and SLES9-based products are not affected).\n (CVE-2007-4987)\n\n - integer overflows that can lead to code execution.\n (CVE-2007-4988)", "published": "2007-12-13T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29353", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-4988", "CVE-2007-4987"], "lastseen": "2017-10-29T13:36:45"}, {"id": "SUSE_GRAPHICSMAGICK-4539.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : GraphicsMagick (GraphicsMagick-4539)", "description": "This update of GraphicsMagick fixes several vulnerabilities.\n\n - CVE-2007-4985: infinite loop while parsing images\n\n - CVE-2007-4986: integer overflows that can lead to code execution\n\n - CVE-2007-4987: one-byte buffer overflow that can lead to code execution\n\n - CVE-2007-4988: integer overflows that can lead to code execution", "published": "2007-11-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27603", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-4988", "CVE-2007-4987"], "lastseen": "2017-10-29T13:35:46"}, {"id": "GENTOO_GLSA-200710-27.NASL", "type": "nessus", "title": "GLSA-200710-27 : ImageMagick: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200710-27 (ImageMagick: Multiple vulnerabilities)\n\n regenrecht reported multiple infinite loops in functions ReadDCMImage() and ReadXCFImage() (CVE-2007-4985), multiple integer overflows when handling certain types of images (CVE-2007-4986, CVE-2007-4988), and an off-by-one error in the ReadBlobString() function (CVE-2007-4987).\n Impact :\n\n A remote attacker could entice a user to open a specially crafted image, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or an excessive CPU consumption. Note that applications relying on ImageMagick to process images can also trigger the vulnerability.\n Workaround :\n\n There is no known workaround at this time.", "published": "2007-10-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27559", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-4988", "CVE-2007-4987"], "lastseen": "2017-10-29T13:40:30"}, {"id": "DEBIAN_DSA-1858.NASL", "type": "nessus", "title": "Debian DSA-1858-1 : imagemagick - multiple vulnerabilities", "description": "Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch).\n\n - CVE-2007-1797 Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch).\n\n - CVE-2007-4985 A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function.\n It only affects the oldstable distribution (etch).\n\n - CVE-2007-4986 Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch).\n\n - CVE-2007-4987 Off-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\\0' character to an out-of-bounds address. It affects only the oldstable distribution (etch).\n\n - CVE-2007-4988 A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch).\n\n - CVE-2008-1096 The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only to oldstable (etch).\n\n - CVE-2008-1097 Heap-based buffer overflow in the PCX coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. It affects only to oldstable (etch).\n\n - CVE-2009-1882 Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.", "published": "2010-02-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=44723", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-1667", "CVE-2007-4988", "CVE-2007-4987", "CVE-2008-1096", "CVE-2008-1097", "CVE-2007-1797", "CVE-2009-1882"], "lastseen": "2018-07-10T06:14:54"}], "gentoo": [{"id": "GLSA-200710-27", "type": "gentoo", "title": "ImageMagick: Multiple vulnerabilities", "description": "### Background\n\nImageMagick is a collection of tools and libraries for manipulating various image formats. \n\n### Description\n\nregenrecht reported multiple infinite loops in functions ReadDCMImage() and ReadXCFImage() (CVE-2007-4985), multiple integer overflows when handling certain types of images (CVE-2007-4986, CVE-2007-4988), and an off-by-one error in the ReadBlobString() function (CVE-2007-4987). \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted image, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or an excessive CPU consumption. Note that applications relying on ImageMagick to process images can also trigger the vulnerability. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll ImageMagick users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/imagemagick-6.3.5.10\"", "published": "2007-10-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200710-27", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-4988", "CVE-2007-4987"], "lastseen": "2016-09-06T19:46:27"}], "freebsd": [{"id": "F5B29EC0-71F9-11DC-8C6A-00304881AC9A", "type": "freebsd", "title": "ImageMagick -- multiple vulnerabilities", "description": "\nMultiple vulnerabilities have been discovered in ImageMagick.\n\nImageMagick before 6.3.5-9 allows context-dependent attackers\n\t to cause a denial of service via a crafted image file that\n\t triggers (1) an infinite loop in the ReadDCMImage function,\n\t related to ReadBlobByte function calls; or (2) an infinite\n\t loop in the ReadXCFImage function, related to ReadBlobMSBLong\n\t function calls.\n\n\nMultiple integer overflows in ImageMagick before 6.3.5-9\n\t allow context-dependent attackers to execute arbitrary code\n\t via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5)\n\t .xwd image file, which triggers a heap-based buffer overflow.\n\n\nOff-by-one error in the ReadBlobString function in blob.c in\n\t ImageMagick before 6.3.5-9 allows context-dependent attackers\n\t to execute arbitrary code via a crafted image file, which\n\t triggers the writing of a '\\0' character to an out-of-bounds\n\t address.\n\n\nSign extension error in the ReadDIBImage function in\n\t ImageMagick before 6.3.5-9 allows context-dependent attackers\n\t to execute arbitrary code via a crafted width value in an\n\t image file, which triggers an integer overflow and a\n\t heap-based buffer overflow.\n\n", "published": "2007-09-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/f5b29ec0-71f9-11dc-8c6a-00304881ac9a.html", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-4988", "CVE-2007-4987"], "lastseen": "2016-09-26T17:25:00"}], "ubuntu": [{"id": "USN-523-1", "type": "ubuntu", "title": "ImageMagick vulnerabilities", "description": "Multiple vulnerabilities were found in the image decoders of ImageMagick. If a user or automated system were tricked into processing a malicious DCM, DIB, XBM, XCF, or XWD image, a remote attacker could execute arbitrary code with user privileges.", "published": "2007-10-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/523-1/", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-4988", "CVE-2007-4987"], "lastseen": "2018-03-29T18:21:21"}], "debian": [{"id": "DSA-1858", "type": "debian", "title": "imagemagick -- multiple vulnerabilities", "description": "Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2007-1667](<https://security-tracker.debian.org/tracker/CVE-2007-1667>)\n\nMultiple integer overflows in XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch).\n\n * [CVE-2007-1797](<https://security-tracker.debian.org/tracker/CVE-2007-1797>)\n\nMultiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch).\n\n * [CVE-2007-4985](<https://security-tracker.debian.org/tracker/CVE-2007-4985>)\n\nA crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch).\n\n * [CVE-2007-4986](<https://security-tracker.debian.org/tracker/CVE-2007-4986>)\n\nMultiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch).\n\n * [CVE-2007-4987](<https://security-tracker.debian.org/tracker/CVE-2007-4987>)\n\nOff-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\\0' character to an out-of-bounds address. It affects only the oldstable distribution (etch).\n\n * [CVE-2007-4988](<https://security-tracker.debian.org/tracker/CVE-2007-4988>)\n\nA sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch).\n\n * [CVE-2008-1096](<https://security-tracker.debian.org/tracker/CVE-2008-1096>)\n\nThe load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only to oldstable (etch).\n\n * [CVE-2008-1097](<https://security-tracker.debian.org/tracker/CVE-2008-1097>)\n\nHeap-based buffer overflow in the PCX coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. It affects only to oldstable (etch).\n\n * [CVE-2009-1882](<https://security-tracker.debian.org/tracker/CVE-2009-1882>)\n\nInteger overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.\n\nFor the old stable distribution (etch), these problems have been fixed in version 7:6.2.4.5.dfsg1-0.15+etch1.\n\nFor the stable distribution (lenny), these problems have been fixed in version 7:6.3.7.9.dfsg2-1~lenny3.\n\nFor the upcoming stable distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 7:6.5.1.0-1.1.\n\nWe recommend that you upgrade your imagemagick packages.", "published": "2009-08-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1858", "cvelist": ["CVE-2007-4985", "CVE-2007-4986", "CVE-2007-1667", "CVE-2007-4988", "CVE-2007-4987", "CVE-2008-1096", "CVE-2008-1097", "CVE-2007-1797", "CVE-2009-1882"], "lastseen": "2016-09-02T18:30:25"}]}}
