CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-2352

Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cpp, and (f) tools/afxml.cpp. NOTE: this identifier is intended to address the vectors that were not fixed in CVE-2007-2054, but the unfixed vectors were not explicitly listed.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.09

EPSS Ranking 92.2%

CVSS Severity

CVSS v2 Score 10.0

References

http://securityreason.com/securityalert/2657
http://www.securityfocus.com/archive/1/467040/100/0/threaded
http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt
http://securityreason.com/securityalert/2657
http://www.securityfocus.com/archive/1/467040/100/0/threaded
http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt

Products affected by CVE-2007-2352

Afflib » Afflib » Version: Any

cpe:2.3:a:afflib:afflib:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-2352

Products

Pricing

Contact Us