CVE-2007-2459 — libimager-perl - buffer overflow

Description

Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files.

How to fix CVE-2007-2459

To remediate CVE-2007-2459, upgrade the affected package to a fixed version below.

Debian/libimager-perl—upgrade to 0.58-1 or later
Debian/libimager-perl—upgrade to 0.50-1etch1 or later

Is CVE-2007-2459 being exploited?

Moderate — EPSS is 6.4%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0, < 0.58-1
from 0, < 0.50-1etch1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-2459