CVE-2007-2054

{"id": "CVE-2007-2054", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-04-30T22:19:00.000", "references": [{"url": "http://securityreason.com/securityalert/2657", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/467040/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33969", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de cadena de formato en AFFLIB anterior a 2.2.6 permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante determinados par\u00e1metros de l\u00ednea de comandos, los cuales se utilizan en llamadas (1) de advertencia (warn) y (2) de error (err) en (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, y (g) tools/afxml.cpp. NOTA: el vector aimage.cpp (e) ha sido retirado del aviso del investigador original, puesto que no se llama al c\u00f3digo en ninguna versi\u00f3n de AFFLIB."}], "lastModified": "2018-10-16T16:41:46.647", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:afflib:afflib:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A201CC59-48F8-4FA9-B17E-00D75CF41235", "versionEndIncluding": "2.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "The vendor has addressed this issue through the following product update: http://www.afflib.org/downloads/\r\n"}