CVE-2007-1797 — Imagemagick vulnerability

9 documents7 sources

Severity

6.8MEDIUMNVD

OSV9.3

EPSS

15.6%

top 5.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphicsmagick Imagemagick Debian Graphicsmagick +1 more

Timeline

PublishedApr 2

Latest updateMay 1

Description

Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages5 packages

▶debiandebian/imagemagick< graphicsmagick 1.1.7-15 (bookworm)

▶Debianimagemagick/imagemagick< 7:6.2.4.5.dfsg1-1+3

▶NVDimagemagick/imagemagick30 versions+29

▶debiandebian/graphicsmagick< graphicsmagick 1.1.7-15 (bookworm)

▶Debiangraphicsmagick/graphicsmagick< 1.1.7-15+3

Patches

Patch: labs.idefense.com ↗Patch: labs.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-r8m6-cvrj-9326: Multiple integer overflows in ImageMagick before 6↗2022-05-01

▶

OSV

CVE-2007-1797: Multiple integer overflows in ImageMagick before 6↗2007-04-02

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2007-07-10

▶

Red Hat

Heap overflow in ImageMagick's DCM and XWD coders↗2007-03-31

▶

Debian

CVE-2007-1797: graphicsmagick - Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers ...↗2007

▶

💬Community

Bugzilla

CVE-2008-6070, CVE-2008-6071, CVE-2008-6072, CVE-2008-6621 multiple security issues in ImageMagick↗2009-08-07

▶

Bugzilla

CVE-2007-1797 Heap overflow in ImageMagick's DCM and XWD coders↗2007-04-03

▶

Bugzilla

CVE-2007-1797 Heap overflow in ImageMagick's DCM and XWD coders↗2007-04-03

▶