CVE-2007-6697

Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.

🔗 References (48)

• cve@mitrehttp://bugs.gentoo.org/show_bug.cgi?id=207933
• cve@mitrehttp://marc.info/?l=bugtraq&m=120110205511630&w=2
• cve@mitrehttp://secunia.com/advisories/28640
• cve@mitrehttp://secunia.com/advisories/28752
• cve@mitrehttp://secunia.com/advisories/28830
• cve@mitrehttp://secunia.com/advisories/28837
• cve@mitrehttp://secunia.com/advisories/28850
• cve@mitrehttp://secunia.com/advisories/28869
• cve@mitrehttp://secunia.com/advisories/29542
• cve@mitrehttp://vexillium.org/?sec-sdlgif
• cve@mitrehttp://wiki.rpath.com/Advisories:rPSA-2008-0061
• cve@mitrehttp://www.debian.org/security/2008/dsa-1493
• cve@mitrehttp://www.gentoo.org/security/en/glsa/glsa-200802-01.xml
• cve@mitrehttp://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/CHANGES?revision=3462&view=markup
• cve@mitrehttp://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_gif.c?r1=2970&r2=3462