6.8

CVE-2007-1797

Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ImagemagickImagemagick Version6.3.0.0
ImagemagickImagemagick Version6.3.0.1
ImagemagickImagemagick Version6.3.0.2
ImagemagickImagemagick Version6.3.0.3
ImagemagickImagemagick Version6.3.0.4
ImagemagickImagemagick Version6.3.0.5
ImagemagickImagemagick Version6.3.0.7
ImagemagickImagemagick Version6.3.0.8
ImagemagickImagemagick Version6.3.1.0
ImagemagickImagemagick Version6.3.1.1
ImagemagickImagemagick Version6.3.1.2.
ImagemagickImagemagick Version6.3.1.3
ImagemagickImagemagick Version6.3.1.4
ImagemagickImagemagick Version6.3.1.5
ImagemagickImagemagick Version6.3.1.6
ImagemagickImagemagick Version6.3.1.7
ImagemagickImagemagick Version6.3.2.0
ImagemagickImagemagick Version6.3.2.1
ImagemagickImagemagick Version6.3.2.2
ImagemagickImagemagick Version6.3.2.3
ImagemagickImagemagick Version6.3.2.4
ImagemagickImagemagick Version6.3.2.5
ImagemagickImagemagick Version6.3.2.6
ImagemagickImagemagick Version6.3.2.7
ImagemagickImagemagick Version6.3.2.8
ImagemagickImagemagick Version6.3.3.0
ImagemagickImagemagick Version6.3.3.1
ImagemagickImagemagick Version6.3.3.2
ImagemagickImagemagick Version6.3.3.3
ImagemagickImagemagick Version6.3.3.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.53% 0.877
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.imagemagick.org/script/changelog.php
http://secunia.com/advisories/25072
http://www.novell.com/linux/security/advisories/2007_8_sr.html
http://secunia.com/advisories/24739
http://secunia.com/advisories/25992
http://secunia.com/advisories/26177
http://secunia.com/advisories/36260
http://www.debian.org/security/2009/dsa-1858
http://www.mandriva.com/security/advisories?name=MDKSA-2007:147
http://www.ubuntu.com/usn/usn-481-1
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496
Patch
Vendor Advisory
http://secunia.com/advisories/24721
http://secunia.com/advisories/25206
http://secunia.com/advisories/29786
http://secunia.com/advisories/29857
http://security.gentoo.org/glsa/glsa-200705-13.xml
http://www.redhat.com/support/errata/RHSA-2008-0145.html
http://www.redhat.com/support/errata/RHSA-2008-0165.html
http://www.securityfocus.com/bid/23252
http://www.securityfocus.com/bid/23347
http://www.securitytracker.com/id?1017839
http://www.vupen.com/english/advisories/2007/1200
https://exchange.xforce.ibmcloud.com/vulnerabilities/33376
https://exchange.xforce.ibmcloud.com/vulnerabilities/33377
https://issues.foresightlinux.org/browse/FL-222
https://issues.rpath.com/browse/RPL-1205
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9254