CVE-2007-2054 - Vulnerability Details - OpenCVE

Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.04142.

Key SSVC decision points have not yet been added.

Vendors	Products
Afflib	Afflib

Configuration 1 [-]

cpe:2.3:a:afflib:afflib:*:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://securityreason.com/securityalert/2657
http://www.securityfocus.com/archive/1/467040/100/0/threaded
http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/33969

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-30T22:00:00

Updated: 2024-08-07T13:23:49.643Z

Reserved: 2007-04-16T00:00:00

Link: CVE-2007-2054

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-04-30T22:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-2054

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "2657", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2657"}, {"name": "afflib-multiple-format-string(33969)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33969"}, {"name": "20070427 AFFLIB(TM): Multiple Format String Injections", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/467040/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2054", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "2657", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2657"}, {"name": "afflib-multiple-format-string(33969)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33969"}, {"name": "20070427 AFFLIB(TM): Multiple Format String Injections", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/467040/100/0/threaded"}, {"name": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt", "refsource": "MISC", "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:23:49.643Z"}, "title": "CVE Program Container", "references": [{"name": "2657", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2657"}, {"name": "afflib-multiple-format-string(33969)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33969"}, {"name": "20070427 AFFLIB(TM): Multiple Format String Injections", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/467040/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2054", "datePublished": "2007-04-30T22:00:00", "dateReserved": "2007-04-16T00:00:00", "dateUpdated": "2024-08-07T13:23:49.643Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:afflib:afflib:*:*:*:*:*:*:*:*", "matchCriteriaId": "A201CC59-48F8-4FA9-B17E-00D75CF41235", "versionEndIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de cadena de formato en AFFLIB anterior a 2.2.6 permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante determinados par\u00e1metros de l\u00ednea de comandos, los cuales se utilizan en llamadas (1) de advertencia (warn) y (2) de error (err) en (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, y (g) tools/afxml.cpp. NOTA: el vector aimage.cpp (e) ha sido retirado del aviso del investigador original, puesto que no se llama al c\u00f3digo en ninguna versi\u00f3n de AFFLIB."}], "evaluatorSolution": "The vendor has addressed this issue through the following product update: http://www.afflib.org/downloads/\r\n", "id": "CVE-2007-2054", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-30T22:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2657"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/467040/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33969"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2657"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/467040/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33969"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}