1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
PublicDate: 2007-09-24
Candidate: CVE-2007-4987
References:
http://www.ubuntu.com/usn/usn-523-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4987
Description:
Off-by-one error in the ReadBlobString function in blob.c in ImageMagick
before 6.3.5-9 allows context-dependent attackers to execute arbitrary code
via a crafted image file, which triggers the writing of a '\0' character to
an out-of-bounds address.
Ubuntu-Description:
Notes:
fujitsu> graphicsmagick doesn't contain the vulnerable code.
Bugs:
https://bugs.launchpad.net/ubuntu/gutsy/+source/graphicsmagick/+bug/144425
Priority: medium
Assigned-to: kees
upstream_imagemagick: 6.3.5-9
dapper_imagemagick: released (6:6.2.4.5-0.6ubuntu0.7)
edgy_imagemagick: released (7:6.2.4.5.dfsg1-0.10ubuntu0.4)
feisty_imagemagick: released (7:6.2.4.5.dfsg1-0.14ubuntu0.2)
gutsy_imagemagick: released (7:6.2.4.5.dfsg1-2ubuntu1)
devel_imagemagick: released (7:6.2.4.5.dfsg1-2ubuntu1)
upstream_graphicsmagick: not-affected
dapper_graphicsmagick: DNE
edgy_graphicsmagick: not-affected
feisty_graphicsmagick: not-affected
gutsy_graphicsmagick: not-affected
devel_graphicsmagick: not-affected
|