6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.27 Low
EPSS
Percentile
96.3%
ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.
Several heap-based buffer overflow flaws were found in ImageMagick. If a
victim opened a specially-crafted DCM or XWD file, an attacker could
potentially execute arbitrary code on the victimβs machine. (CVE-2007-1797)
Several denial of service flaws were found in ImageMagickβs parsing of XCF
and DCM files. Attempting to process a specially crafted input file in
these formats could cause ImageMagick to enter an infinite loop.
(CVE-2007-4985)
Several integer overflow flaws were found in ImageMagick. If a victim
opened a specially-crafted DCM, DIB, XBM, XCF or XWD file, an attacker
could potentially execute arbitrary code with the privileges of the user
running ImageMagick. (CVE-2007-4986)
A heap-based buffer overflow flaw was found in ImageMagickβs processing of
certain malformed PCX images. If a victim opened a specially-crafted PCX
file, an attacker could possibly execute arbitrary code with the privileges
of the user running ImageMagick⦠(CVE-2008-1097)
All users of ImageMagick should upgrade to these updated packages, which
contain backported patches to correct these issues.