CVE-2007-4988

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.3.5-9

Description The issue is related to a sign extension error in the ReadDIBImage function, which allows context-dependent attackers to execute arbitrary code. This is achieved by providing a crafted width value in an image file, triggering an integer overflow and a heap-based buffer overflow.

Recommendations For versions prior to 6.3.5-9, update to version 6.3.5-9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ReadDIBImage function until a patch is applied. Avoid using crafted image files that could trigger the integer overflow and heap-based buffer overflow.