CVE-2007-4987 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-4987
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-4987

Description: Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/36739 UBUNTU http://www.ubuntu.com/usn/usn-523-1 SUSE http://www.novell.com/linux/security/advisories/2007_23_sr.html ST 1018729 SAID Secunia Advisory: SA28721 Secunia Advisory: SA27439 Secunia Advisory: SA27048 Secunia Advisory: SA27309 Secunia Advisory: SA26926 Secunia Advisory: SA36260 Secunia Advisory: SA27364 MLIST http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html MANDRIVA http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:035 IDEFENSE http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=595 GENTOO http://security.gentoo.org/glsa/glsa-200710-27.xml DEBIAN http://www.debian.org/security/2009/dsa-1858 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=186030 http://www.imagemagick.org/script/changelog.php BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/483572/100/0/threaded BID 25766

Return to the previous page.