CVE-2007-4391 in Messengerinfo

Summary

Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker s peer Yahoo! Messenger application when this request is accepted.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

08/17/2007

Disclosure

08/17/2007

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
3265	Yahoo! Messenger JPEG2000 Image memory corruption	119	Proof-of-Concept	Official fix	CVE-2007-4391

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!