CVE-2007-1797

Loading...

General

Score:6.8/10.0
Severity:Medium
Category:Numeric Error

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2007-4985, CVE-2007-4986, CVE-2007-4988, CVE-2008-1096, CVE-2008-1097

Published on 03/04/07 - Updated on 11/10/17

Description

Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.

Category: Numeric Error

CWE-189 (Numeric Errors)
Weaknesses in this category are related to improper calculation or conversion of numbers.

Security Notices

US National Vulnerability DatabaseCVE-2007-1797
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2007-AVI-152
CentOS CESA-2008:0145
Redhat RHSA-2008:0145

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
imagemagickimagemagick

Share this vulnerability with:

Twitter Facebook LinkedIn Mail