What is the severity of CVE-2007-4988?

CVE-2007-4988 is classified as a critical vulnerability due to its ability to execute arbitrary code through a crafted image file.

How do I fix CVE-2007-4988?

To fix CVE-2007-4988, upgrade your ImageMagick installation to version 6.3.5-9 or later.

Which versions of ImageMagick are affected by CVE-2007-4988?

CVE-2007-4988 affects ImageMagick versions prior to 6.3.5-9, including 5.3.8 and several other versions.

What type of attack can exploit CVE-2007-4988?

CVE-2007-4988 can be exploited via a crafted width value in an image file, leading to an integer overflow and heap-based buffer overflow.

What are the potential impacts of CVE-2007-4988?

The impacts of CVE-2007-4988 include arbitrary code execution, which can lead to a full system compromise.

Vulnerability/
CVE-2007-4988

high

7.8

CWE

681 119 190 189

24/9/2007

2/2/2024

CVE-2007-4988: Buffer Overflow

First published: Mon Sep 24 2007(Updated: )

Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
ImageMagick	=5.3.3
ImageMagick	=5.3.8
ImageMagick	=5.4.2.3
ImageMagick	=5.4.3
ImageMagick	=5.4.4.5
ImageMagick	=5.4.7
ImageMagick	=5.4.8
ImageMagick	=5.4.8.2_1.1.0
ImageMagick	=5.5.3_.2_1.2.0
ImageMagick	=5.5.4
ImageMagick	=5.5.6
ImageMagick	=5.5.6.0_20030409
ImageMagick	=5.5.7
ImageMagick	=5.5.7.15
ImageMagick	=6.0
ImageMagick	=6.0.1
ImageMagick	=6.0.2
ImageMagick	=6.0.2.5
ImageMagick	=6.0.3
ImageMagick	=6.0.4
ImageMagick	=6.0.4.4
ImageMagick	=6.0.5
ImageMagick	=6.0.6
ImageMagick	=6.0.6.2
ImageMagick	=6.0.7
ImageMagick	=6.0.8
ImageMagick	=6.1
ImageMagick	=6.1.1
ImageMagick	=6.1.2
ImageMagick	=6.1.3
ImageMagick	=6.1.4
ImageMagick	=6.1.5
ImageMagick	=6.1.6
ImageMagick	=6.1.7
ImageMagick	=6.1.8
ImageMagick	=6.2
ImageMagick	=6.2.0.3
ImageMagick	=6.2.0.7
ImageMagick	=6.2.1
ImageMagick	=6.2.2
ImageMagick	=6.2.3
ImageMagick	=6.2.3.4
ImageMagick	=6.2.4
ImageMagick	=6.2.4.3
ImageMagick	=6.2.4.5
ImageMagick	=6.2.5
ImageMagick	=6.2.6
ImageMagick	=6.2.7
ImageMagick	=6.2.8
ImageMagick	=6.2.9
ImageMagick	=6.2.9.2
ImageMagick	=6.3.1
ImageMagick	=6.3.2
ImageMagick	=6.3.3_3
ImageMagick	=6.3.3_5
ImageMagick	=6.3.3_6
ImageMagick	=6.3.4
ImageMagick	<6.3.5-9
Ubuntu Linux	=6.06
Ubuntu Linux	=6.10
Ubuntu Linux	=7.04

Remedy

http://www.securityfocus.com/bid/25765

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2007-4988?
CVE-2007-4988 is classified as a critical vulnerability due to its ability to execute arbitrary code through a crafted image file.
How do I fix CVE-2007-4988?
To fix CVE-2007-4988, upgrade your ImageMagick installation to version 6.3.5-9 or later.
Which versions of ImageMagick are affected by CVE-2007-4988?
CVE-2007-4988 affects ImageMagick versions prior to 6.3.5-9, including 5.3.8 and several other versions.
What type of attack can exploit CVE-2007-4988?
CVE-2007-4988 can be exploited via a crafted width value in an image file, leading to an integer overflow and heap-based buffer overflow.
What are the potential impacts of CVE-2007-4988?
The impacts of CVE-2007-4988 include arbitrary code execution, which can lead to a full system compromise.

agent/type
agent/first-publish-date
agent/remedy
agent/severity
agent/last-modified-date
agent/references
agent/description
agent/event
agent/source
agent/author
agent/weakness
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/imagemagick
canonical/imagemagick
version/imagemagick/5.3.3
version/imagemagick/5.3.8
version/imagemagick/5.4.2.3
version/imagemagick/5.4.3
version/imagemagick/5.4.4.5
version/imagemagick/5.4.7
version/imagemagick/5.4.8
version/imagemagick/5.4.8.2_1.1.0
version/imagemagick/5.5.3_.2_1.2.0
version/imagemagick/5.5.4
version/imagemagick/5.5.6
version/imagemagick/5.5.6.0_20030409
version/imagemagick/5.5.7
version/imagemagick/5.5.7.15
version/imagemagick/6.0
version/imagemagick/6.0.1
version/imagemagick/6.0.2
version/imagemagick/6.0.2.5
version/imagemagick/6.0.3
version/imagemagick/6.0.4
version/imagemagick/6.0.4.4
version/imagemagick/6.0.5
version/imagemagick/6.0.6
version/imagemagick/6.0.6.2
version/imagemagick/6.0.7
version/imagemagick/6.0.8
version/imagemagick/6.1
version/imagemagick/6.1.1
version/imagemagick/6.1.2
version/imagemagick/6.1.3
version/imagemagick/6.1.4
version/imagemagick/6.1.5
version/imagemagick/6.1.6
version/imagemagick/6.1.7
version/imagemagick/6.1.8
version/imagemagick/6.2
version/imagemagick/6.2.0.3
version/imagemagick/6.2.0.7
version/imagemagick/6.2.1
version/imagemagick/6.2.2
version/imagemagick/6.2.3
version/imagemagick/6.2.3.4
version/imagemagick/6.2.4
version/imagemagick/6.2.4.3
version/imagemagick/6.2.4.5
version/imagemagick/6.2.5
version/imagemagick/6.2.6
version/imagemagick/6.2.7
version/imagemagick/6.2.8
version/imagemagick/6.2.9
version/imagemagick/6.2.9.2
version/imagemagick/6.3.1
version/imagemagick/6.3.2
version/imagemagick/6.3.3_3
version/imagemagick/6.3.3_5
version/imagemagick/6.3.3_6
version/imagemagick/6.3.4
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/6.06
version/ubuntu linux/6.10
version/ubuntu linux/7.04