CVE-2007-2352

Name of the Vulnerable Software and Affected Versions AFFLIB version 2.2.6

Description The issue involves multiple format string vulnerabilities that allow remote attackers to execute arbitrary code via certain command line parameters. These parameters are used in warn and err calls, possibly involving files such as lib/s3.cpp, tools/afconvert.cpp, tools/afcopy.cpp, tools/afinfo.cpp, aimage/imager.cpp, and tools/afxml.cpp.

Recommendations For AFFLIB version 2.2.6, consider restricting the use of command line parameters that may be used in warn and err calls until a patch is available. As a temporary workaround, avoid using potentially vulnerable parameters in the affected files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.