Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-6697Improper Restriction of Operations within the Bounds of a Memory Buffer in Image

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer15 documents8 sources
Severity
7.5HIGHNVD
OSV2.6
EPSS
23.4%
top 4.02%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Debian Sdl-image1.2SDL Image
Timeline
PublishedFeb 1
Latest updateMay 1

Description

Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

debiandebian/sdl-image1.2< sdl-image1.2 1.2.6-2 (bookworm)
NVDsdl/sdl_image1.2.6

Patches

Patch: www.libsdl.orgPatch: www.libsdl.org

🔴Vulnerability Details

2
GHSA
GHSA-r8gv-4rq7-chfp: Buffer overflow in the LWZReadByte function in IMG_gif2022-05-01
OSV
CVE-2007-6697: Buffer overflow in the LWZReadByte function in IMG_gif2008-02-01

💥Exploits & PoCs

1
Exploit-DB
SDL_image 1.2.6 - Invalid '.GIF' File LWZ Minimum Code Size Remote Buffer Overflow2008-01-23

📋Vendor Advisories

3
Ubuntu
SDL_image vulnerabilities2008-03-26
Red Hat
SDL_image: GIF handling buffer overflow2008-01-23
Debian
CVE-2007-6697: sdl-image1.2 - Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2...2007

💬Community

8
Bugzilla
CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow2011-08-03
Bugzilla
CVE-2011-2897 gdk-pixbuf: GIF loader buffer overflow when initializing decompression tables2011-08-01
Bugzilla
CVE-2008-1373 cups: overflow in gif image filter2008-03-20
Bugzilla
CVE-2008-0553 tk: GIF handling buffer overflow2008-02-05
Bugzilla
CVE-2008-0553 tk: GIF handling buffer overflow [rawhide]2008-02-05