CVE-2007-6697 — sdl-image1.2 - arbitrary code execution

Description

Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.

How to fix CVE-2007-6697

To remediate CVE-2007-6697, upgrade the affected package to a fixed version below.

Debian/sdl-image1.2—upgrade to 1.2.6-2 or later
Debian/sdl-image1.2—upgrade to 1.2.4-1etch1 or later
—upgrade to 1.2.4-1etch1 or later

Is CVE-2007-6697 being exploited?

Moderate — EPSS is 23.4%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (3)

from 0, < 1.2.6-2
from 0, < 1.2.4-1etch1
from 0, < 1.2.4-1etch1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-6697