CVE-2007-4987

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.3.5-9

Description The issue is caused by an off-by-one error in the ReadBlobString function in blob.c, which allows context-dependent attackers to execute arbitrary code via a crafted image file. This error triggers the writing of a '0' character to an out-of-bounds address.

Recommendations For versions prior to 6.3.5-9, update to version 6.3.5-9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ReadBlobString function in blob.c to minimize the risk of exploitation. Avoid using the function to process untrusted image files until the issue is resolved.