Lucene search

[email protected]NVD:CVE-2007-4987

HistorySep 24, 2007 - 10:17 p.m.

CVE-2007-4987

2007-09-2422:17:00

CWE-189

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

74.3%

JSON

Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a ‘\0’ character to an out-of-bounds address.

Affected configurations

NVD

Node

imagemagickimagemagickMatch5.3.3

imagemagickimagemagickMatch5.3.8

imagemagickimagemagickMatch5.4.2.3

imagemagickimagemagickMatch5.4.3

imagemagickimagemagickMatch5.4.4.5

imagemagickimagemagickMatch5.4.7

imagemagickimagemagickMatch5.4.8

imagemagickimagemagickMatch5.4.8.2_1.1.0

imagemagickimagemagickMatch5.5.3_.2_1.2.0

imagemagickimagemagickMatch5.5.4

imagemagickimagemagickMatch5.5.6

imagemagickimagemagickMatch5.5.6.0_20030409

imagemagickimagemagickMatch5.5.7

imagemagickimagemagickMatch5.5.7.15

imagemagickimagemagickMatch6.0

imagemagickimagemagickMatch6.0.1

imagemagickimagemagickMatch6.0.2

imagemagickimagemagickMatch6.0.2.5

imagemagickimagemagickMatch6.0.3

imagemagickimagemagickMatch6.0.4

imagemagickimagemagickMatch6.0.4.4

imagemagickimagemagickMatch6.0.5

imagemagickimagemagickMatch6.0.6

imagemagickimagemagickMatch6.0.6.2

imagemagickimagemagickMatch6.0.7

imagemagickimagemagickMatch6.0.8

imagemagickimagemagickMatch6.1

imagemagickimagemagickMatch6.1.1

imagemagickimagemagickMatch6.1.2

imagemagickimagemagickMatch6.1.3

imagemagickimagemagickMatch6.1.4

imagemagickimagemagickMatch6.1.5

imagemagickimagemagickMatch6.1.6

imagemagickimagemagickMatch6.1.7

imagemagickimagemagickMatch6.1.8

imagemagickimagemagickMatch6.2

imagemagickimagemagickMatch6.2.0.3

imagemagickimagemagickMatch6.2.0.7

imagemagickimagemagickMatch6.2.1

imagemagickimagemagickMatch6.2.2

imagemagickimagemagickMatch6.2.3

imagemagickimagemagickMatch6.2.3.4

imagemagickimagemagickMatch6.2.4

imagemagickimagemagickMatch6.2.4.3

imagemagickimagemagickMatch6.2.4.5

imagemagickimagemagickMatch6.2.5

imagemagickimagemagickMatch6.2.6

imagemagickimagemagickMatch6.2.7

imagemagickimagemagickMatch6.2.8

imagemagickimagemagickMatch6.2.9

imagemagickimagemagickMatch6.2.9.2

imagemagickimagemagickMatch6.3.1

imagemagickimagemagickMatch6.3.2

imagemagickimagemagickMatch6.3.3_3

imagemagickimagemagickMatch6.3.3_5

imagemagickimagemagickMatch6.3.3_6

imagemagickimagemagickMatch6.3.4

References

bugs.gentoo.org/show_bug.cgi?id=186030

labs.idefense.com/intelligence/vulnerabilities/display.php?id=595

secunia.com/advisories/26926

secunia.com/advisories/27048

secunia.com/advisories/27309

secunia.com/advisories/27364

secunia.com/advisories/27439

secunia.com/advisories/28721

secunia.com/advisories/36260

security.gentoo.org/glsa/glsa-200710-27.xml

studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html

www.debian.org/security/2009/dsa-1858

www.imagemagick.org/script/changelog.php

www.mandriva.com/en/security/advisories?name=MDVSA-2008:035

www.novell.com/linux/security/advisories/2007_23_sr.html

www.securityfocus.com/archive/1/483572/100/0/threaded

www.securityfocus.com/bid/25766

www.securitytracker.com/id?1018729

www.ubuntu.com/usn/usn-523-1

www.vupen.com/english/advisories/2007/3245

exchange.xforce.ibmcloud.com/vulnerabilities/36739

issues.rpath.com/browse/RPL-1743

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

74.3%

JSON

Related for NVD:CVE-2007-4987

cve1 seebug1 prion1 securityvulns2 ubuntucve1 cvelist1 debiancve1 nessus8 openvas10 ubuntu1 gentoo1 freebsd1 debian1 osv1