Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2007-1797

Published: 02/04/2007 Updated: 11/10/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Imagemagick

Vulnerability Summary

Multiple integer overflows in ImageMagick prior to 6.3.3-5 allow remote malicious users to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.

Vulnerable Product Search on Vulmon Subscribe to Product

imagemagick imagemagick 6.3.0.0

imagemagick imagemagick 6.3.0.1

imagemagick imagemagick 6.3.1.0

imagemagick imagemagick 6.3.1.1

imagemagick imagemagick 6.3.2.0

imagemagick imagemagick 6.3.2.1

imagemagick imagemagick 6.3.3.0

imagemagick imagemagick 6.3.0.7

imagemagick imagemagick 6.3.0.8

imagemagick imagemagick 6.3.1.6

imagemagick imagemagick 6.3.1.7

imagemagick imagemagick 6.3.2.7

imagemagick imagemagick 6.3.2.8

imagemagick imagemagick 6.3.0.2

imagemagick imagemagick 6.3.0.3

imagemagick imagemagick 6.3.1.2.

imagemagick imagemagick 6.3.1.3

imagemagick imagemagick 6.3.2.2

imagemagick imagemagick 6.3.2.3

imagemagick imagemagick 6.3.3.2

imagemagick imagemagick 6.3.3.3

imagemagick imagemagick 6.3.3.1

imagemagick imagemagick 6.3.0.4

imagemagick imagemagick 6.3.0.5

imagemagick imagemagick 6.3.1.4

imagemagick imagemagick 6.3.1.5

imagemagick imagemagick 6.3.2.4

imagemagick imagemagick 6.3.2.5

imagemagick imagemagick 6.3.2.6

imagemagick imagemagick 6.3.3.4

Vendor Advisories

Ubuntu Security Notice: imagemagick vulnerabilities
Multiple vulnerabilities were found in ImageMagick’s handling of DCM and WXD image files By tricking a user into processing a specially crafted image with an application that uses imagemagick, an attacker could execute arbitrary code with the user’s privileges ...
Debian Security Advisories: DSA-1903-1 graphicsmagick -- several vulnerabilities
Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1667 Multiple integer overflows in XInitImage functi ...
Debian Security Advisories: DSA-1858-1 imagemagick -- multiple vulnerabilities
Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd ...
Debian CVElist Bug Report Logs: CVE-2006-3743/-3744: ImageMagick XCF and Sun Rasterfile Buffer Overflows
Debian Bug report logs - #385062 CVE-2006-3743/-3744: ImageMagick XCF and Sun Rasterfile Buffer Overflows Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Stefan Fritsch &l ...
Debian CVElist Bug Report Logs: libmagick: array index overflow in DisplayImageCommand
Debian Bug report logs - #345595 libmagick: array index overflow in DisplayImageCommand Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Eero Häkkinen <eero17@bigfootc ...
Debian CVElist Bug Report Logs: libmagick9: Buffer overflow in SGI parser [CVE-2006-4144]
Debian Bug report logs - #383314 libmagick9: Buffer overflow in SGI parser [CVE-2006-4144] Package: libmagick9; Maintainer for libmagick9 is (unknown); Reported by: Martin Pitt <martinpitt@ubuntucom> Date: Wed, 16 Aug 2006 14:48:06 UTC Severity: grave Tags: fixed, patch, security Found in versions 6245dfsg1-09, 6:6 ...
Debian CVElist Bug Report Logs: [CVE-2005-4601] Shell command injection in delegate code (via file names)
Debian Bug report logs - #345238 [CVE-2005-4601] Shell command injection in delegate code (via file names) Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Florian Weimer & ...
Debian CVElist Bug Report Logs: Buffer overflows in imagemagick
Debian Bug report logs - #393025 Buffer overflows in imagemagick Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Stefan Fritsch <sf@sfritschde> Date: Sat, 14 Oct ...
Debian CVElist Bug Report Logs: [CVE-2006-0082] imagemagick: New format string vulnerability in SetImageInfo().
Debian Bug report logs - #345876 [CVE-2006-0082] imagemagick: New format string vulnerability in SetImageInfo() Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Daniel Kob ...
Debian CVElist Bug Report Logs: imagemagick: Buffer overflow vulnerability in PALM coder. (CVE-2007-0770)
Debian Bug report logs - #410435 imagemagick: Buffer overflow vulnerability in PALM coder (CVE-2007-0770) Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Daniel Kobras &l ...

References

CWE-189http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496http://www.imagemagick.org/script/changelog.phphttp://www.securityfocus.com/bid/23347https://issues.foresightlinux.org/browse/FL-222https://issues.rpath.com/browse/RPL-1205http://www.securitytracker.com/id?1017839http://secunia.com/advisories/24721http://secunia.com/advisories/24739http://www.novell.com/linux/security/advisories/2007_8_sr.htmlhttp://www.securityfocus.com/bid/23252http://secunia.com/advisories/25072http://security.gentoo.org/glsa/glsa-200705-13.xmlhttp://secunia.com/advisories/25206http://www.mandriva.com/security/advisories?name=MDKSA-2007:147http://www.ubuntu.com/usn/usn-481-1http://secunia.com/advisories/25992http://secunia.com/advisories/26177http://www.redhat.com/support/errata/RHSA-2008-0145.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0165.htmlhttp://secunia.com/advisories/29786http://secunia.com/advisories/29857http://www.debian.org/security/2009/dsa-1858http://secunia.com/advisories/36260http://www.vupen.com/english/advisories/2007/1200https://exchange.xforce.ibmcloud.com/vulnerabilities/33377https://exchange.xforce.ibmcloud.com/vulnerabilities/33376https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9254https://usn.ubuntu.com/481-1/https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook