CVE-2007-6697

Exploit

EPSS 10.73%
Veröffentlicht 01.02.2008 20:00:00
Zuletzt bearbeitet 16.06.2026 22:48:35
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484.  NOTE: some of these details are obtained from third party information.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 27

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sdl ≫ Sdl Image Version <= 1.2.6

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.73%	0.953

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/28837

http://bugs.gentoo.org/show_bug.cgi?id=207933

http://marc.info/?l=bugtraq&m=120110205511630&w=2

Exploit

http://secunia.com/advisories/28640

Vendor Advisory

http://secunia.com/advisories/28752

http://secunia.com/advisories/28830

http://secunia.com/advisories/28850

http://secunia.com/advisories/28869

http://secunia.com/advisories/29542

http://vexillium.org/?sec-sdlgif

Exploit

http://wiki.rpath.com/Advisories:rPSA-2008-0061

http://www.debian.org/security/2008/dsa-1493

http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml

http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/CHANGES?revision=3462&view=markup

Patch

http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_gif.c?r1=2970&r2=3462

Exploit

http://www.mandriva.com/security/advisories?name=MDVSA-2008:040

http://www.securityfocus.com/archive/1/488079/100/0/threaded

http://www.securityfocus.com/bid/27417

http://www.ubuntu.com/usn/usn-595-1

http://www.vupen.com/english/advisories/2008/0266

https://exchange.xforce.ibmcloud.com/vulnerabilities/39865

https://issues.rpath.com/browse/RPL-2206

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html

https://nvd.nist.gov/vuln/detail/CVE-2007-6697

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-6697

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-6697

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2007-6697