CVE-2007-1797

Description

Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.

How to fix CVE-2007-1797

To remediate CVE-2007-1797, upgrade the affected package to a fixed version below.

• Debian/graphicsmagick—upgrade to 1.1.7-15 or later
• Debian/imagemagick—upgrade to 7:6.2.4.5.dfsg1-1 or later

Is CVE-2007-1797 being exploited?

Moderate — EPSS is 15.6%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

• from 0, < 1.1.7-15
• from 0, < 7:6.2.4.5.dfsg1-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-1797