CVE-2007-2237
published 2007-06-06


Priority: P4 19
CVSS 3.1: 5.5 (medium), vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploit: public exploit available
EPSS: 15.42% (96.4th percentile)
Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.

Affected

6 ranges
Vendor  | Product | Version range                  | Fixed in
debian  | gimp    | < gimp 2.8.22-1 (bookworm)     | gimp 2.8.22-1 (bookworm)
gimp    | gimp    | < 2.8.22                       | 2.8.22
gimp    | gimp    | >= 0 < 2.8.22-1                | 2.8.22-1
gimp    | gimp    | >= 0 < 2.8.22-1                | 2.8.22-1
gimp    | gimp    | >= 0 < 2.8.22-1                | 2.8.22-1
gimp    | gimp    | >= 0 < 2.8.22-1                | 2.8.22-1

Detection & IOCs (extracted from sources)

url: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/4044.zip
url: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30160.ico.zip
filename: highsecu.ico
  • Detect ICO files where the InfoHeader Height field is set to zero; this triggers a divide-by-zero in GdiPlus.dll and is the core exploit condition for CVE-2007-2237.
  • Monitor Windows Explorer and Picture and Fax Viewer processes for crashes or unexpected termination when processing ICO files, as these applications were specifically identified as vulnerable.
  • Inspect ICO files delivered via web or email for a zero-value Height field in the BITMAPINFOHEADER (InfoHeader) structure; such files should be treated as malicious.
  • The vulnerable component is GdiPlus.dll (GDI+); any application on Windows that uses this library to render ICO files is potentially affected, not just the explicitly named applications.
  • A closely related issue (CVE-2007-3126) affects GIMP before 2.8.22 with the same ICO/InfoHeader Height=0 trigger; detection logic for malformed ICO files should cover both CVEs.
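
A defensive check for the Height=0 condition described above, as an added example that is not taken from the advisory or its linked sources: it walks the ICO directory, reads each entry's BITMAPINFOHEADER and flags any entry whose biHeight is zero, skipping PNG-encoded entries and tolerating truncated input. The sample ICO bytes are constructed inline for the demonstration.

```python
import struct

ICONDIR_FMT = "<HHH"                 # reserved, type (1 = icon), count
ICONDIRENTRY_FMT = "<BBBBHHII"       # width, height, colors, reserved, planes, bpp, size, offset
BITMAPINFOHEADER_FMT = "<IiiHHIIiiII"  # biSize, biWidth, biHeight, ... (40 bytes)
PNG_SIG = b"\x89PNG\r\n\x1a\n"       # Vista+ icons may embed PNG instead of a BMP header


def zero_height_entries(data: bytes) -> list:
    """Return indices of ICO directory entries whose BITMAPINFOHEADER has
    biHeight == 0 (the CVE-2007-2237 / CVE-2007-3126 trigger).
    Non-ICO or truncated input yields an empty list instead of raising."""
    hdr_size = struct.calcsize(ICONDIR_FMT)
    if len(data) < hdr_size:
        return []
    reserved, res_type, count = struct.unpack_from(ICONDIR_FMT, data, 0)
    if reserved != 0 or res_type != 1:
        return []
    entry_size = struct.calcsize(ICONDIRENTRY_FMT)
    bih_size = struct.calcsize(BITMAPINFOHEADER_FMT)
    hits = []
    for i in range(count):
        off = hdr_size + i * entry_size
        if off + entry_size > len(data):
            break  # directory truncated: nothing more to inspect
        image_off = struct.unpack_from(ICONDIRENTRY_FMT, data, off)[7]
        if data[image_off:image_off + len(PNG_SIG)] == PNG_SIG:
            continue  # PNG-encoded entry: no BITMAPINFOHEADER to check
        if image_off + bih_size > len(data):
            continue  # image payload truncated
        _bi_size, _bi_width, bi_height = struct.unpack_from("<Iii", data, image_off)
        if bi_height == 0:
            hits.append(i)
    return hits


def build_test_ico(bi_height: int, bi_width: int = 16) -> bytes:
    """Constructed sample: a one-entry ICO carrying a bare BITMAPINFOHEADER
    and no pixel data, enough to exercise the height check. In a real icon
    biHeight is twice the entry height (XOR plus AND mask)."""
    bih = struct.pack(BITMAPINFOHEADER_FMT, 40, bi_width, bi_height,
                      1, 32, 0, 0, 0, 0, 0, 0)
    image_off = struct.calcsize(ICONDIR_FMT) + struct.calcsize(ICONDIRENTRY_FMT)
    entry = struct.pack(ICONDIRENTRY_FMT, bi_width, (bi_height // 2) & 0xFF,
                        0, 0, 1, 32, len(bih), image_off)
    return struct.pack(ICONDIR_FMT, 0, 1, 1) + entry + bih
```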

CVSS provenance

nvd            v3.1  5.5  MEDIUM  CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd            v2.0  7.1  HIGH    AV:N/AC:M/Au:N/C:N/I:N/A:C
osv                  5.5  MEDIUM
vendor_debian        5.5  LOW
vendor_redhat        5.5  MEDIUM