Vulnerability Name: CVE-2007-1943 (CCN-33478)
Assigned: 2007-04-04
Published: 2007-04-04
Updated: 2018-10-16
Summary: Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via large width image sizes in a crafted BMP image, as demonstrated by w3intof.bmp and w4intof.bmp.
CVSS v3 Severity:
  9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity:
  9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
  8.0 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:U/RC:UR)
  6.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:U/RC:UR)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2007-1942
  Source: MITRE Type: CNA CVE-2007-1943
  Source: MITRE Type: CNA CVE-2007-1946
  Source: MITRE Type: CNA CVE-2007-1948
  Source: MITRE Type: CNA CVE-2008-5870
  Source: CCN Type: Ivan Fratric's Security Blog, Wednesday, April 4, 2007 Several Windows image viewers vulnerabilities
  Source: MISC Type: Exploit, Vendor Advisory http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html
  Source: OSVDB Type: UNKNOWN 34663
  Source: CCN Type: SA24779 ACDSee Products BMP Image Handling Memory Corruption
  Source: SECUNIA Type: Vendor Advisory 24779
  Source: CCN Type: SA24784 FastStone Image Viewer BMP Image Handling Memory Corruption
  Source: SREASON Type: UNKNOWN 2558
  Source: MISC Type: UNKNOWN http://www.acdsee.com/support/knowledgebase/article?id=2800
  Source: CCN Type: ACD System Web site ACD Products
  Source: CCN Type: FastStone Web site FastStone Image Viewer
  Source: CCN Type: OSVDB ID: 34663 ACDSee Multiple Products BMP Image Handling Overflow
  Source: CCN Type: OSVDB ID: 34664 FastStone Image Viewer BMP Image Handling Memory Corruption
  Source: CCN Type: OSVDB ID: 41553 Microsoft Windows Explorer BMP Width Dimension Handling Overflow
  Source: CCN Type: OSVDB ID: 41554 IrfanView BMP Image Non-RLE Encoded Block Handling Overflow
  Source: CCN Type: OSVDB ID: 51252 FastStone Image Viewer Malformed BMP Handling DoS
  Source: BUGTRAQ Type: UNKNOWN 20070404 Several Windows image viewers vulnerabilities
  Source: CCN Type: BID-23312 FastStone Image Viewer Multiple BMP Denial of Service Vulnerabilities
  Source: BID Type: UNKNOWN 23317
  Source: CCN Type: BID-23317 ACDSee 9.0 Photo Manager Multiple BMP Denial of Service Vulnerabilities
  Source: CCN Type: BID-23318 IrfanView Multiple BMP Denial of Service Vulnerabilities
  Source: CCN Type: BID-23321 Microsoft Windows Explorer BMP Image Denial of Service Vulnerability
  Source: VUPEN Type: UNKNOWN ADV-2007-1283
  Source: XF Type: UNKNOWN multiple-vendors-bmp-bo(33478)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable