7.8

CVE-2007-4988

Exploit

Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ImagemagickImagemagick Version < 6.3.5-9
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version6.10
CanonicalUbuntu Linux Version7.04
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.99% 0.82
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-681 Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

http://www.debian.org/security/2009/dsa-1858
Third Party Advisory
Mailing List
http://www.securityfocus.com/archive/1/483572/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1018729
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/25765
Patch
Third Party Advisory
Exploit
Broken Link
VDB Entry