CVE-2007-2459

Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files.

Published: May 2, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-2459
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
tony_cook / imager	0.52	0.52.x
tony_cook / imager	0.48	0.48.x
tony_cook / imager	0.53	0.53.x
tony_cook / imager	0.45	0.45.x
tony_cook / imager	0.49	0.49.x
tony_cook / imager	0.54	0.54.x
tony_cook / imager	0.45_2	0.45_2.x
tony_cook / imager	0.46	0.46.x
tony_cook / imager	0.56	0.56.x
tony_cook / imager	0.44_1	0.44_1.x
tony_cook / imager	0.44	0.44.x
tony_cook / imager	0.51	0.51.x
tony_cook / imager	0.47	0.47.x
tony_cook / imager	0.55	0.55.x
tony_cook / imager	0.50	0.50.x

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421582
http://imager.perl.org/a/65.html
http://osvdb.org/35470
http://osvdb.org/39846
http://rt.cpan.org/Public/Bug/Display.html?id=26811
http://secunia.com/advisories/25038
http://secunia.com/advisories/28868
http://www.debian.org/security/2008/dsa-1498
http://www.securityfocus.com/bid/23711
http://www.vupen.com/english/advisories/2007/1587
https://exchange.xforce.ibmcloud.com/vulnerabilities/34010

Vulnerability Database

CVE-2007-2459