CVE-2007-4986 — Integer Overflow or Wraparound in Imagemagick

CWE-189 CWE-190 — Integer Overflow or Wraparound7 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

1.5%

top 18.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphicsmagick Imagemagick Debian Graphicsmagick +1 more

Timeline

PublishedSep 24

Latest updateMay 1

Description

Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages5 packages

▶debiandebian/imagemagick< graphicsmagick 1.1.11-1 (bookworm)

▶Debianimagemagick/imagemagick< 7:6.2.4.5.dfsg1-2+3

▶NVDimagemagick/imagemagick57 versions+56

▶debiandebian/graphicsmagick< graphicsmagick 1.1.11-1 (bookworm)

▶Debiangraphicsmagick/graphicsmagick< 1.1.11-1+3

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-53f2-89vw-gfqr: Multiple integer overflows in ImageMagick before 6↗2022-05-01

▶

OSV

CVE-2007-4986: Multiple integer overflows in ImageMagick before 6↗2007-09-24

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2007-10-03

▶

Red Hat

Multiple integer overflows in ImageMagick↗2007-09-19

▶

Debian

CVE-2007-4986: graphicsmagick - Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent...↗2007

▶

💬Community

Bugzilla

CVE-2007-4986 Multiple integer overflows in ImageMagick↗2007-09-27

▶