CVE-2007-2054
N/A
N/A
Summary
Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://securityreason.com/securityalert/2657
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33969
- http://www.securityfocus.com/archive/1/467040/100/0/threaded
- http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt
References
- http://securityreason.com/securityalert/2657
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33969
- http://www.securityfocus.com/archive/1/467040/100/0/threaded
- http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.