Vulnerability details: VCID-uvca-2ypr-aaan
Vulnerability ID VCID-uvca-2ypr-aaan
Aliases CVE-2007-1797
Summary Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0145
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0165
epss 0.06704 https://api.first.org/data/v1/epss?cve=CVE-2007-1797
epss 0.07121 https://api.first.org/data/v1/epss?cve=CVE-2007-1797
epss 0.15879 https://api.first.org/data/v1/epss?cve=CVE-2007-1797
epss 0.16327 https://api.first.org/data/v1/epss?cve=CVE-2007-1797
epss 0.26021 https://api.first.org/data/v1/epss?cve=CVE-2007-1797
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=235071
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2007-1797
generic_textual Medium http://www.imagemagick.org/script/changelog.php
Reference id Reference type URL
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1797.json
https://api.first.org/data/v1/epss?cve=CVE-2007-1797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1797
http://secunia.com/advisories/24721
http://secunia.com/advisories/24739
http://secunia.com/advisories/25072
http://secunia.com/advisories/25206
http://secunia.com/advisories/25992
http://secunia.com/advisories/26177
http://secunia.com/advisories/29786
http://secunia.com/advisories/29857
http://secunia.com/advisories/36260
http://security.gentoo.org/glsa/glsa-200705-13.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/33376
https://exchange.xforce.ibmcloud.com/vulnerabilities/33377
https://issues.foresightlinux.org/browse/FL-222
https://issues.rpath.com/browse/RPL-1205
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9254
http://www.debian.org/security/2009/dsa-1858
http://www.imagemagick.org/script/changelog.php
http://www.mandriva.com/security/advisories?name=MDKSA-2007:147
http://www.novell.com/linux/security/advisories/2007_8_sr.html
http://www.redhat.com/support/errata/RHSA-2008-0145.html
http://www.redhat.com/support/errata/RHSA-2008-0165.html
http://www.securityfocus.com/bid/23252
http://www.securityfocus.com/bid/23347
http://www.securitytracker.com/id?1017839
http://www.ubuntu.com/usn/usn-481-1
http://www.vupen.com/english/advisories/2007/1200
235071 https://bugzilla.redhat.com/show_bug.cgi?id=235071
cpe:2.3:a:imagemagick:imagemagick:6.3.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.1.2.:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.1.2.:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.1.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.1.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.1.6:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.1.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.1.7:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.2.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.2.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.2.7:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.2.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.2.8:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.3.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.3.3.4:*:*:*:*:*:*:*
CVE-2007-1797 https://nvd.nist.gov/vuln/detail/CVE-2007-1797
GLSA-200705-13 https://security.gentoo.org/glsa/200705-13
RHSA-2008:0145 https://access.redhat.com/errata/RHSA-2008:0145
RHSA-2008:0165 https://access.redhat.com/errata/RHSA-2008:0165
USN-481-1 https://usn.ubuntu.com/481-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-1797
Exploit Prediction Scoring System (EPSS)
Percentile 0.90354
EPSS Score 0.06704
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.