Red Hat Bugzilla – Bug 310081
CVE-2007-4988 Integer overflow in ImageMagick's DIB coder
Last modified: 2016-03-04 06:34:03 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4988 to the following vulnerability:
Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.
RHEL-2.1 is not affected, it did not contain the DIB coder.
Created attachment 241681 [details]
backported patch from Jonathan Smith
Created attachment 241701 [details]
Needed for backport
Created attachment 241711 [details]
needed for backport
Doesn't Affect: RHEL2.1 (no dib support)
Created attachment 278181 [details]
Backported patch for 5.5.6 (as used in RHEL-3)
The patches from comment 5 and 6 are missing the changes to the headers...
Reporter changed to email@example.com by request of Jay Turner.