CVE-2007-4987
Published: 24 September 2007
Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
graphicsmagick Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
|
|
imagemagick Launchpad, Ubuntu, Debian |
Upstream |
Released
(6.3.5-9)
|
Notes
| Author | Note |
|---|---|
| fujitsu | graphicsmagick doesn't contain the vulnerable code. |
References
- https://usn.ubuntu.com/usn/usn-523-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4987
- NVD
- Launchpad
- Debian