CVE-2007-2459
published 2007-05-02CVE-2007-2459: Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of…
PriorityP336high7.8CVSS 2.0
AVNACLAuNCNINAC
EPSS
4.93%
91.0th percentile
Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libimager-perl | < libimager-perl 0.58-1 (bookworm) | libimager-perl 0.58-1 (bookworm) |
| tony_cook | imager | — | — |
| tony_cook | imager | — | — |
| tony_cook | imager | — | — |
| tony_cook | imager | — | — |
| tony_cook | imager | — | — |
| tony_cook | imager | — | — |
| tony_cook | imager | — | — |
| tony_cook | imager | — | — |
| tony_cook | imager | — | — |
| tony_cook | imager | — | — |
| tony_cook | imager | — | — |
| tony_cook | imager | — | — |
| tony_cook | imager | — | — |
| tony_cook | imager | — | — |
| tony_cook | imager | — | — |
CVSS provenance
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
osv7.8HIGH
vendor_debian7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v92m-h6q5-w9gg: Heap-based buffer overflow in the BMP reader (bmp
ghsa_unreviewed·2022-05-01
CVE-2007-2459 [HIGH] CWE-119 GHSA-v92m-h6q5-w9gg: Heap-based buffer overflow in the BMP reader (bmp
Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files.
OSV
CVE-2007-2459: Heap-based buffer overflow in the BMP reader (bmp
osv·2007-05-02·CVSS 7.8
CVE-2007-2459 [HIGH] CVE-2007-2459: Heap-based buffer overflow in the BMP reader (bmp
Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files.
Debian
CVE-2007-2459: libimager-perl - Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libi...
vendor_debian·2007·CVSS 7.8
CVE-2007-2459 [HIGH] CVE-2007-2459: libimager-perl - Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libi...
Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files.
Scope: local
bookworm: resolved (fixed in 0.58-1)
bullseye: resolved (fixed in 0.58-1)
forky: resolved (fixed in 0.58-1)
sid: resolved (fixed in 0.58-1)
trixie: resolved (fixed in 0.58-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421582http://imager.perl.org/a/65.htmlhttp://osvdb.org/35470http://osvdb.org/39846http://rt.cpan.org/Public/Bug/Display.html?id=26811http://secunia.com/advisories/25038http://secunia.com/advisories/28868http://www.debian.org/security/2008/dsa-1498http://www.securityfocus.com/bid/23711http://www.vupen.com/english/advisories/2007/1587https://exchange.xforce.ibmcloud.com/vulnerabilities/34010http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421582http://imager.perl.org/a/65.htmlhttp://osvdb.org/35470http://osvdb.org/39846http://rt.cpan.org/Public/Bug/Display.html?id=26811http://secunia.com/advisories/25038http://secunia.com/advisories/28868http://www.debian.org/security/2008/dsa-1498http://www.securityfocus.com/bid/23711http://www.vupen.com/english/advisories/2007/1587https://exchange.xforce.ibmcloud.com/vulnerabilities/34010
2007-05-02
Published