CVE-2007-4985
imagemagick - several vulnerabilities
EPSS 2.9%
Description
ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls.
How to fix CVE-2007-4985
To remediate CVE-2007-4985, upgrade each affected package to the fixed version listed for it below.
- Debian/graphicsmagick—upgrade to 1.1.11-1 or later
- Debian/imagemagick—upgrade to 7:6.2.4.5.dfsg1-2 or later
- —upgrade to 7:6.2.4.5.dfsg1-1+lenny1 or later
Is CVE-2007-4985 being exploited?
Low — EPSS is 2.9%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.1.11-1
- from 0, < 7:6.2.4.5.dfsg1-2
- from 0, < 7:6.2.4.5.dfsg1-1+lenny1