CVE-2007-4988Incorrect Conversion between Numeric Types in Imagemagick

CWE-681Incorrect Conversion between Numeric TypesCWE-190Integer Overflow or WraparoundCWE-194Unexpected Sign ExtensionCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources
Severity
7.8HIGHNVD
EPSS
2.3%
top 15.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
GraphicsmagickImagemagickDebian Graphicsmagick+2 more
Timeline
PublishedSep 24
Latest updateMay 1

Description

Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

debiandebian/imagemagick< graphicsmagick 1.1.11-1 (bookworm)
Debianimagemagick/imagemagick< 7:6.2.4.5.dfsg1-2+3
debiandebian/graphicsmagick< graphicsmagick 1.1.11-1 (bookworm)
Debiangraphicsmagick/graphicsmagick< 1.1.11-1+3

Also affects: Ubuntu Linux 6.06, 6.10, 7.04

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-xhjj-jg7j-pqrx: Sign extension error in the ReadDIBImage function in ImageMagick before 62022-05-01
OSV
CVE-2007-4988: Sign extension error in the ReadDIBImage function in ImageMagick before 62007-09-24

📋Vendor Advisories

3
Ubuntu
ImageMagick vulnerabilities2007-10-03
Red Hat
Integer overflow in ImageMagick's DIB coder2007-09-19
Debian
CVE-2007-4988: graphicsmagick - Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 ...2007

📐Framework References

2
CWE
Incorrect Conversion between Numeric Types
CWE
Unexpected Sign Extension

💬Community

1
Bugzilla
CVE-2007-4988 Integer overflow in ImageMagick's DIB coder2007-09-27