Bug 310101 (CVE-2007-4987)
Summary: | CVE-2007-4987 ImageMagick writes terminating NUL one byte beyond char array end
---|---
Product: | [Other] Security Response
Component: | vulnerability
Reporter: | Lubomir Kundrak <lkundrak>
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED NOTABUG
Severity: | low
Priority: | low
Version: | unspecified
CC: | bnocera, nmurray
Target Milestone: | ---
Target Release: | ---
Keywords: | Security
Hardware: | All
OS: | Linux
URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4987
Doc Type: | Bug Fix
Story Points: | ---
Last Closed: | 2007-12-05 15:09:41 UTC
Type: | ---
Regression: | ---
Mount Type: | ---
Documentation: | ---
Category: | ---
oVirt Team: | ---
Cloudforms Team: | ---
Description
Lubomir Kundrak
2007-09-27 22:57:29 UTC
Doesn't Affect: RHEL2.1
Doesn't Affect: RHEL3
Affects: RHEL4
Affects: RHEL5

Really:
RHEL-3: for (i=0; i < (MaxTextExtent-1); i++)
RHEL-4: for (i=0; i < (long) MaxTextExtent; i++)

Needless to say, "allows context-dependent attackers to execute arbitrary code" this is not true. This issue is not exploitable.

Created attachment 241661
backported patch from Jonathan Smith

The CVE description for this bug is incorrect. As the address of the overwritten byte is not under attacker's control, the worst impact this bug could have is an application crash. It cannot be exploited to execute arbitrary code.
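
The following is an added illustration of the two loop bounds quoted above; it is not ImageMagick's code and not part of the bug report. The loop body, the function names `read_line` and `nul_index`, and the 16-byte `MAX_TEXT_EXTENT` are assumptions, and the buffer carries one extra guard byte so the stray store can be observed safely.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_TEXT_EXTENT 16  /* constructed stand-in for MaxTextExtent */
#define CANARY 0x7e         /* fill value used to spot the stray write */

/* Hypothetical line reader: copy up to `limit` characters, then terminate.
   Returns the index at which the terminating NUL was stored. */
static size_t read_line(char *buf, const char *src, size_t limit)
{
    size_t i;
    for (i = 0; i < limit; i++) {
        if (src[i] == '\0' || src[i] == '\n')
            break;
        buf[i] = src[i];
    }
    buf[i] = '\0';  /* with limit == MAX_TEXT_EXTENT this can be buf[MAX_TEXT_EXTENT] */
    return i;
}

/* Run the reader over input_len 'A' characters. The logical array is the
   first MAX_TEXT_EXTENT bytes of storage; the extra byte is a guard so the
   out-of-bounds store is observable without undefined behaviour.
   Returns the NUL index; *clobbered is set to 1 if the guard byte changed. */
size_t nul_index(size_t limit, size_t input_len, int *clobbered)
{
    char storage[MAX_TEXT_EXTENT + 1];
    char input[4 * MAX_TEXT_EXTENT + 1];
    if (input_len > 4 * MAX_TEXT_EXTENT)
        input_len = 4 * MAX_TEXT_EXTENT;
    memset(storage, CANARY, sizeof storage);
    memset(input, 'A', input_len);
    input[input_len] = '\0';
    size_t at = read_line(storage, input, limit);
    *clobbered = (unsigned char)storage[MAX_TEXT_EXTENT] != CANARY;
    return at;
}

int main(void)
{
    int hit;
    size_t at = nul_index(MAX_TEXT_EXTENT - 1, 64, &hit);      /* RHEL-3 bound */
    printf("bound MaxTextExtent-1: NUL at %zu, guard hit=%d\n", at, hit);
    at = nul_index(MAX_TEXT_EXTENT, 64, &hit);                 /* RHEL-4 bound */
    printf("bound MaxTextExtent:   NUL at %zu, guard hit=%d\n", at, hit);
    return 0;
}
```

Whatever the input length or content, the out-of-bounds store in this sketch is a single zero byte at index `MAX_TEXT_EXTENT`; inputs shorter than the array never reach it.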