// For flags

CVE-2007-4988

Integer overflow in ImageMagick's DIB coder

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.

Error de extensión de signo en la función ReadDIBImage de ImageMagick versiones anteriores a 6.3.5-9 permite a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante un valor de ancho manipulado en un fichero de imagen, que dispara un desbordamiento de entero y un desbordamiento de búfer basado en pila.

Remote exploitation of a sign extension vulnerability in ImageMagick, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-09-19 CVE Reserved
  • 2007-09-24 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-190: Integer Overflow or Wraparound
  • CWE-681: Incorrect Conversion between Numeric Types
CAPEC
References (27)
URL Tag Source
http://bugs.gentoo.org/show_bug.cgi?id=186030 Issue Tracking
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=597 Broken Link
http://secunia.com/advisories/26926 Broken Link
http://secunia.com/advisories/27048 Broken Link
http://secunia.com/advisories/27309 Broken Link
http://secunia.com/advisories/27364 Broken Link
http://secunia.com/advisories/27439 Broken Link
http://secunia.com/advisories/28721 Broken Link
http://secunia.com/advisories/29786 Broken Link
http://secunia.com/advisories/36260 Broken Link
http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html Broken Link
http://www.imagemagick.org/script/changelog.php Release Notes
http://www.securityfocus.com/archive/1/483572/100/0/threaded Broken Link
http://www.securitytracker.com/id?1018729 Broken Link
http://www.vupen.com/english/advisories/2007/3245 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/36737 Third Party Advisory
https://issues.rpath.com/browse/RPL-1743 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9656 Broken Link
URL Date SRC
http://www.securityfocus.com/bid/25765 2024-08-07
URL Date SRC
URL Date SRC
http://security.gentoo.org/glsa/glsa-200710-27.xml 2024-02-02
http://www.debian.org/security/2009/dsa-1858 2024-02-02
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:035 2024-02-02
http://www.novell.com/linux/security/advisories/2007_23_sr.html 2024-02-02
http://www.redhat.com/support/errata/RHSA-2008-0145.html 2024-02-02
http://www.ubuntu.com/usn/usn-523-1 2024-02-02
https://access.redhat.com/security/cve/CVE-2007-4988 2008-04-17
https://bugzilla.redhat.com/show_bug.cgi?id=310081 2008-04-17
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Imagemagick
Search vendor "Imagemagick"
 Imagemagick
Search vendor "Imagemagick" for product "Imagemagick"
 < 6.3.5-9
Search vendor "Imagemagick" for product "Imagemagick" and version " < 6.3.5-9"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"
-
Affected