CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-2054

Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.041

EPSS Ranking 88.2%

CVSS Severity

CVSS v2 Score 7.5

References

http://securityreason.com/securityalert/2657
http://www.securityfocus.com/archive/1/467040/100/0/threaded
http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/33969
http://securityreason.com/securityalert/2657
http://www.securityfocus.com/archive/1/467040/100/0/threaded
http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/33969

Products affected by CVE-2007-2054

Afflib » Afflib » Version: Any

cpe:2.3:a:afflib:afflib:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-2054

Products

Pricing

Contact Us