CVE-2007-1797 - Vulnerability Details

Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.07121.

Key SSVC decision points have not yet been added.

Vendors	Products
Imagemagick	Imagemagick
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:imagemagick:imagemagick:6.3.0.0:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.0.1:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.0.2:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.0.3:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.0.4:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.0.5:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.0.7:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.0.8:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.1.0:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.1.1:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.1.2.:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.1.3:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.1.4:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.1.5:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.1.6:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.1.7:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.2.0:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.2.1:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.2.2:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.2.3:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.2.4:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.2.5:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.2.6:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.2.7:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.2.8:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.3.0:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.3.1:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.3.2:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.3.3:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.3.3.4:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
ImageMagick-0:5.3.8-21	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2008:0165	2008-04-17T00:00:00Z
Red Hat Enterprise Linux 3
ImageMagick-0:5.5.6-28	cpe:/o:redhat:enterprise_linux:3	RHSA-2008:0145	2008-04-17T00:00:00Z
Red Hat Enterprise Linux 4
ImageMagick-0:6.0.7.1-17.el4_6.1	cpe:/o:redhat:enterprise_linux:4	RHSA-2008:0145	2008-04-17T00:00:00Z
Red Hat Enterprise Linux 5
ImageMagick-0:6.2.8.0-4.el5_1.1	cpe:/o:redhat:enterprise_linux:5	RHSA-2008:0145	2008-04-17T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DSA	DSA-1858-1	New imagemagick packages fix several vulnerabilities
Debian DSA	DSA-1903-1	New graphicsmagick packages fix several vulnerabilities
EUVD	EUVD-2007-1791	Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.
Ubuntu USN	USN-481-1	ImageMagick vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496
http://secunia.com/advisories/24721
http://secunia.com/advisories/24739
http://secunia.com/advisories/25072
http://secunia.com/advisories/25206
http://secunia.com/advisories/25992
http://secunia.com/advisories/26177
http://secunia.com/advisories/29786
http://secunia.com/advisories/29857
http://secunia.com/advisories/36260
http://security.gentoo.org/glsa/glsa-200705-13.xml
http://www.debian.org/security/2009/dsa-1858
http://www.imagemagick.org/script/changelog.php
http://www.mandriva.com/security/advisories?name=MDKSA-2007:147
http://www.novell.com/linux/security/advisories/2007_8_sr.html
http://www.redhat.com/support/errata/RHSA-2008-0145.html
http://www.redhat.com/support/errata/RHSA-2008-0165.html
http://www.securityfocus.com/bid/23252
http://www.securityfocus.com/bid/23347
http://www.securitytracker.com/id?1017839
http://www.ubuntu.com/usn/usn-481-1
http://www.vupen.com/english/advisories/2007/1200
https://exchange.xforce.ibmcloud.com/vulnerabilities/33376
https://exchange.xforce.ibmcloud.com/vulnerabilities/33377
https://issues.foresightlinux.org/browse/FL-222
https://issues.rpath.com/browse/RPL-1205
https://nvd.nist.gov/vuln/detail/CVE-2007-1797
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9254
https://www.cve.org/CVERecord?id=CVE-2007-1797

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-02T22:00:00

Updated: 2024-08-07T13:06:26.369Z

Reserved: 2007-04-02T00:00:00

Link: CVE-2007-1797

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-04-02T22:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-1797

Redhat

Severity : Moderate

Publid Date: 2007-03-31T00:00:00Z

Links: CVE-2007-1797 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object