CVE-2007-4988

HIGH

Imagemagick < 6.3.5-9 - Buffer Overflow

Title source: rule

Description

Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.

References (25)

... and 5 more

Scores

CVSS v3 7.8
EPSS 0.0230
EPSS Percentile 84.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-681
Status draft

Affected Products (4)

imagemagick/imagemagick < 6.3.5-9
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux

Timeline

Published Sep 24, 2007
Tracked Since Feb 18, 2026