CVE-2007-4987 — Off-by-one Error in Imagemagick

CWE-1897 documents7 sources

Severity

9.3CRITICALNVD

EPSS

3.7%

top 12.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedSep 24

Latest updateMay 1

Description

Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/imagemagick< imagemagick 7:6.2.4.5.dfsg1-2 (bookworm)

▶Debianimagemagick/imagemagick< 7:6.2.4.5.dfsg1-2+3

▶NVDimagemagick/imagemagick57 versions+56

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-8r4q-vv4v-f978: Off-by-one error in the ReadBlobString function in blob↗2022-05-01

▶

OSV

CVE-2007-4987: Off-by-one error in the ReadBlobString function in blob↗2007-09-24

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2007-10-03

▶

Red Hat

ImageMagick writes terminating NUL one byte beyond char array end↗2007-09-19

▶

Debian

CVE-2007-4987: imagemagick - Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before ...↗2007

▶

💬Community

Bugzilla

CVE-2007-4987 ImageMagick writes terminating NUL one byte beyond char array end↗2007-09-27

▶