9.3 - CVE-2009-1882

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2009-1882	First vendor Publication	2009-06-02
Vendor	Cve	Last vendor Modification	2018-10-10

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1882

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-189	Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13308

Oval ID:	oval:org.mitre.oval:def:13308
Title:	DSA-1858-1 imagemagick -- multiple
Description:	Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution. CVE-2007-1797 Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution. CVE-2007-4985 A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution. CVE-2007-4986 Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution. CVE-2007-4987 Off-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a "\0" character to an out-of-bounds address. It affects only the oldstable distribution. CVE-2007-4988 A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution. CVE-2008-1096 The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only to oldstable. CVE-2008-1097 Heap-based buffer overflow in the PCX coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. It affects only to oldstable. CVE-2009-1882 Integer overflow allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. For the old stable distribution, these problems have been fixed in version 7:6.2.4.5.dfsg1-0.15+etch1. For the stable distribution, these problems have been fixed in version 7:6.3.7.9.dfsg2-1~lenny3. For the upcoming stable distribution and the unstable distribution, these problems have been fixed in version 7:6.5.1.0-1.1. We recommend that you upgrade your imagemagick packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1858-1 CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988 CVE-2008-1096 CVE-2008-1097 CVE-2009-1882	Version:	7
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	imagemagick
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Packages section imagemagick DPKG is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick9-dev DPKG is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND perlmagick DPKG is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick++9-dev DPKG is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick++10 DPKG is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick10 DPKG is earlier than 7:6.3.7.9.dfsg2-1~lenny3 OR Release section Debian GNU/Linux 4.0 is installed. AND Supported architectures section Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libmagick9 DPKG is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND imagemagick DPKG is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND libmagick9-dev DPKG is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND libmagick++9c2a DPKG is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND perlmagick DPKG is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND libmagick++9-dev DPKG is earlier than 7:6.2.4.5.dfsg1-0.15+etch1

Definition Id: oval:org.mitre.oval:def:13868

Oval ID:	oval:org.mitre.oval:def:13868
Title:	USN-784-1 -- imagemagick vulnerability
Description:	It was discovered that ImageMagick did not properly verify the dimensions of TIFF files. If a user or automated system were tricked into opening a crafted TIFF file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
Family:	unix	Class:	patch
Reference(s):	USN-784-1 CVE-2009-1882	Version:	5
Platform(s):	Ubuntu 8.04 Ubuntu 9.04 Ubuntu 6.06 Ubuntu 8.10	Product(s):	imagemagick
Definition Synopsis:
Release section Ubuntu 8.04 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND Packages section imagemagick DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu1.1 AND libmagick9-dev DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu1.1 AND perlmagick DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu1.1 AND libmagick++9-dev DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu1.1 AND libmagick++10 DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu1.1 AND libmagick10 DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu1.1 OR Release section Ubuntu 9.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND imagemagick-doc DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section imagemagick-dbg DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 AND imagemagick DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 AND libmagickcore1 DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 AND libmagickwand-dev DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 AND libmagickwand1 DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 AND libmagick++-dev DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 AND perlmagick DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 AND libmagick++1 DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 AND libmagickcore-dev DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 OR Release section Ubuntu 6.06 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is powerpc AND Packages section libmagick9 DPKG is earlier than 6:6.2.4.5-0.6ubuntu0.9 AND imagemagick DPKG is earlier than 6:6.2.4.5-0.6ubuntu0.9 AND libmagick9-dev DPKG is earlier than 6:6.2.4.5-0.6ubuntu0.9 AND libmagick++9c2a DPKG is earlier than 6:6.2.4.5-0.6ubuntu0.9 AND perlmagick DPKG is earlier than 6:6.2.4.5-0.6ubuntu0.9 AND libmagick++9-dev DPKG is earlier than 6:6.2.4.5-0.6ubuntu0.9 OR Release section Ubuntu 8.10 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND Packages section imagemagick DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu3.1 AND libmagick9-dev DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu3.1 AND perlmagick DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu3.1 AND libmagick++9-dev DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu3.1 AND libmagick++10 DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu3.1 AND libmagick10 DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu3.1

Definition Id: oval:org.mitre.oval:def:19472

Oval ID:	oval:org.mitre.oval:def:19472
Title:	DSA-1903-1 graphicsmagick - several
Description:	Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS.
Family:	unix	Class:	patch
Reference(s):	DSA-1903-1 CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4988 CVE-2008-1096 CVE-2008-3134 CVE-2008-6070 CVE-2008-6071 CVE-2008-6072 CVE-2008-6621 CVE-2009-1882	Version:	5
Platform(s):	Debian GNU/Linux 4.0 Debian GNU/Linux 5.0	Product(s):	graphicsmagick
Definition Synopsis:
Release section Debian GNU/Linux 4.0 is installed. AND graphicsmagick DPKG is earlier than 0:1.1.7-13+etch1 AND Release section Debian GNU/Linux 5.0 is installed AND graphicsmagick DPKG is earlier than 0:1.1.11-3.2+lenny1

Definition Id: oval:org.mitre.oval:def:22206

Oval ID:	oval:org.mitre.oval:def:22206
Title:	RHSA-2010:0652: ImageMagick security and bug fix update (Moderate)
Description:	Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.
Family:	unix	Class:	patch
Reference(s):	RHSA-2010:0652-01 CESA-2010:0652 CVE-2009-1882	Version:	4
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	ImageMagick
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section ImageMagick-c++-devel is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-devel is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-perl is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-c++ is earlier than 0:6.2.8.0-4.el5_5.2

Definition Id: oval:org.mitre.oval:def:22919

Oval ID:	oval:org.mitre.oval:def:22919
Title:	ELSA-2010:0652: ImageMagick security and bug fix update (Moderate)
Description:	Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010:0652-01 CVE-2009-1882	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	ImageMagick
Definition Synopsis:
Oracle Linux 5.x rpm test ImageMagick-c++-devel is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-devel is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-perl is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-c++ is earlier than 0:6.2.8.0-4.el5_5.2

Definition Id: oval:org.mitre.oval:def:27931

Oval ID:	oval:org.mitre.oval:def:27931
Title:	DEPRECATED: ELSA-2010-0652 -- ImageMagick security and bug fix update (moderate)
Description:	[6.2.8.0-4.el5_5.2] - Fix SGI image decoding (625058) [6.2.8.0-4.el5_5.1] - Add fix for CVE-2009-1882 (504304)
Family:	unix	Class:	patch
Reference(s):	ELSA-2010-0652 CVE-2009-1882	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	ImageMagick
Definition Synopsis:
Oracle Linux 5.x Packages match section ImageMagick is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-c++ is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-c++-devel is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-devel is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-perl is earlier than 0:6.2.8.0-4.el5_5.2

Definition Id: oval:org.mitre.oval:def:7485

Oval ID:	oval:org.mitre.oval:def:7485
Title:	DSA-1903 graphicsmagick -- several vulnerabilities
Description:	Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple integer overflows in XInitImage function in xwd.c for GraphicsMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch). A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch). Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch). A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch). The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only oldstable (etch). Multiple vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via vectors in the AVI, AVS, DCM, EPT, FITS, MTV, PALM, RLA, and TGA decoder readers; and the GetImageCharacteristics function in magick/image.c, as reachable from a crafted PNG, JPEG, BMP, or TIFF file. Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image. Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. Multiple vulnerabilities in GraphicsMagick allow remote attackers to cause a denial of service (crash) via vectors in XCF and CINEON images. Vulnerability in GraphicsMagick allows remote attackers to cause a denial of service (crash) via vectors in DPX images. Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
Family:	unix	Class:	patch
Reference(s):	DSA-1903 CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4988 CVE-2008-1096 CVE-2008-3134 CVE-2008-6070 CVE-2008-6071 CVE-2008-6072 CVE-2008-6621 CVE-2009-1882	Version:	3
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	graphicsmagick
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section graphicsmagick-libmagick-dev-compat is earlier than 1.1.11-3.2+lenny1 AND graphicsmagick-imagemagick-compat is earlier than 1.1.11-3.2+lenny1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libgraphics-magick-perl is earlier than 1.1.11-3.2+lenny1 AND libgraphicsmagick++1 is earlier than 1.1.11-3.2+lenny1 AND libgraphicsmagick1-dev is earlier than 1.1.11-3.2+lenny1 AND libgraphicsmagick1 is earlier than 1.1.11-3.2+lenny1 AND graphicsmagick-dbg is earlier than 1.1.11-3.2+lenny1 AND graphicsmagick is earlier than 1.1.11-3.2+lenny1 AND libgraphicsmagick++1-dev is earlier than 1.1.11-3.2+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section graphicsmagick-libmagick-dev-compat is earlier than 1.1.7-13+etch1 AND graphicsmagick-imagemagick-compat is earlier than 1.1.7-13+etch1 AND libgraphics-magick-perl is earlier than 1.1.7-13+etch1 AND libgraphicsmagick++1 is earlier than 1.1.7-13+etch1 AND libgraphicsmagick1-dev is earlier than 1.1.7-13+etch1 AND libgraphicsmagick1 is earlier than 1.1.7-13+etch1 AND graphicsmagick-dbg is earlier than 1.1.7-13+etch1 AND graphicsmagick is earlier than 1.1.7-13+etch1 AND libgraphicsmagick++1-dev is earlier than 1.1.7-13+etch1

Definition Id: oval:org.mitre.oval:def:8206

Oval ID:	oval:org.mitre.oval:def:8206
Title:	DSA-1858 imagemagick -- multiple vulnerabilities
Description:	Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple integer overflows in XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch). A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch). Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch). Off-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a "\0" character to an out-of-bounds address. It affects only the oldstable distribution (etch). A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch). The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only to oldstable (etch). Heap-based buffer overflow in the PCX coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. It affects only to oldstable (etch). Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
Family:	unix	Class:	patch
Reference(s):	DSA-1858 CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988 CVE-2008-1096 CVE-2008-1097 CVE-2009-1882	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	imagemagick
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section imagemagick is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick9-dev is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND perlmagick is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick++9-dev is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick++10 is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick10 is earlier than 7:6.3.7.9.dfsg2-1~lenny3 OR Release section Debian GNU/Linux 4.0 is installed. AND Supported architectures section Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libmagick9 is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND imagemagick is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND libmagick9-dev is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND libmagick++9c2a is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND perlmagick is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND libmagick++9-dev is earlier than 7:6.2.4.5.dfsg1-0.15+etch1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Imagemagick cpe:2.3:a:imagemagick:imagemagick:6.5.2-8:::::::*	1

OpenVAS Exploits

Date	Description
2011-03-09	Name : Gentoo Security Advisory GLSA 201006-03 (imagemagick) File : nvt/glsa_201006_03.nasl
2010-08-30	Name : CentOS Update for ImageMagick CESA-2010:0653 centos4 i386 File : nvt/gb_CESA-2010_0653_ImageMagick_centos4_i386.nasl
2010-08-30	Name : RedHat Update for ImageMagick RHSA-2010:0652-01 File : nvt/gb_RHSA-2010_0652-01_ImageMagick.nasl
2010-08-30	Name : RedHat Update for ImageMagick RHSA-2010:0653-01 File : nvt/gb_RHSA-2010_0653-01_ImageMagick.nasl
2010-03-02	Name : Fedora Update for GraphicsMagick FEDORA-2010-0001 File : nvt/gb_fedora_2010_0001_GraphicsMagick_fc11.nasl
2010-03-02	Name : Fedora Update for GraphicsMagick FEDORA-2010-0036 File : nvt/gb_fedora_2010_0036_GraphicsMagick_fc12.nasl
2010-01-15	Name : Fedora Update for ImageMagick FEDORA-2010-0295 File : nvt/gb_fedora_2010_0295_ImageMagick_fc11.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:260-1 (imagemagick) File : nvt/mdksa_2009_260_1.nasl
2009-10-13	Name : Debian Security Advisory DSA 1903-1 (graphicsmagick) File : nvt/deb_1903_1.nasl
2009-10-13	Name : Mandrake Security Advisory MDVSA-2009:261 (graphicsmagick) File : nvt/mdksa_2009_261.nasl
2009-10-13	Name : Mandrake Security Advisory MDVSA-2009:260 (imagemagick) File : nvt/mdksa_2009_260.nasl
2009-10-11	Name : SLES11: Security update for ImageMagick File : nvt/sles11_libMagickCore1.nasl
2009-08-17	Name : Debian Security Advisory DSA 1858-1 (imagemagick) File : nvt/deb_1858_1.nasl
2009-07-06	Name : SuSE Security Summary SUSE-SR:2009:012 File : nvt/suse_sr_2009_012.nasl
2009-06-15	Name : Ubuntu USN-784-1 (imagemagick) File : nvt/ubuntu_784_1.nasl
2009-06-02	Name : ImageMagick Buffer Overflow Vulnerability (Linux) File : nvt/secpod_imagemagick_bof_vuln_lin.nasl
2009-06-02	Name : ImageMagick Buffer Overflow Vulnerability (Win) File : nvt/secpod_imagemagick_bof_vuln_win.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
54729	ImageMagick magick/xwindow.c XMakeImage() Function TIFF File Handling Overflow

Nessus® Vulnerability Scanner

Date	Description
2013-11-19	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201311-10.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0653.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0652.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100825_ImageMagick_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100825_ImageMagick_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ImageMagick-6284.nasl - Type : ACT_GATHER_INFO
2010-08-26	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0653.nasl - Type : ACT_GATHER_INFO
2010-08-26	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0653.nasl - Type : ACT_GATHER_INFO
2010-08-26	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0652.nasl - Type : ACT_GATHER_INFO
2010-08-26	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0652.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-0036.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-0001.nasl - Type : ACT_GATHER_INFO
2010-06-02	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201006-03.nasl - Type : ACT_GATHER_INFO
2010-02-25	Name : The remote Fedora host is missing a security update. File : fedora_2010-0295.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1903.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1858.nasl - Type : ACT_GATHER_INFO
2009-10-09	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-260.nasl - Type : ACT_GATHER_INFO
2009-10-09	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-261.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_ImageMagick-090604.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_GraphicsMagick-090609.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_ImageMagick-090604.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_GraphicsMagick-090609.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_ImageMagick-090604.nasl - Type : ACT_GATHER_INFO
2009-06-24	Name : The remote openSUSE host is missing a security update. File : suse_GraphicsMagick-6294.nasl - Type : ACT_GATHER_INFO
2009-06-24	Name : The remote openSUSE host is missing a security update. File : suse_ImageMagick-6287.nasl - Type : ACT_GATHER_INFO
2009-06-09	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-784-1.nasl - Type : ACT_GATHER_INFO
2009-05-29	Name : The remote Windows host contains an application that is affected by an intege... File : imagemagick_6_5_2_9.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/35111
BUGTRAQ	http://www.securityfocus.com/archive/1/514516/100/0/threaded
CONFIRM	http://imagemagick.org/script/changelog.php http://mirror1.smudge-it.co.uk/imagemagick/www/changelog.html http://wiki.rpath.com/Advisories:rPSA-2010-0074
DEBIAN	http://www.debian.org/security/2009/dsa-1858
FEDORA	http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033766... http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033833...
GENTOO	http://security.gentoo.org/glsa/glsa-201311-10.xml
MLIST	http://www.openwall.com/lists/oss-security/2009/06/08/1
OSVDB	http://osvdb.org/54729
SECUNIA	http://secunia.com/advisories/35216 http://secunia.com/advisories/35382 http://secunia.com/advisories/35685 http://secunia.com/advisories/36260 http://secunia.com/advisories/37959 http://secunia.com/advisories/55721
SUSE	http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
UBUNTU	https://usn.ubuntu.com/784-1/
VUPEN	http://www.vupen.com/english/advisories/2009/1449

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-04 12:09:39	Multiple Updates
2021-04-22 01:09:59	Multiple Updates
2020-05-23 00:23:51	Multiple Updates
2018-10-11 00:19:37	Multiple Updates
2018-10-04 00:19:36	Multiple Updates
2016-06-28 17:43:03	Multiple Updates
2016-04-26 18:52:07	Multiple Updates
2014-02-17 10:50:17	Multiple Updates
2013-11-25 13:20:23	Multiple Updates
2013-05-10 23:51:41	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	8
CPE ID(s)	1
Sources(s)	20
osvdb(s)	1
Openvas Exploit(s)	17
Nessus® Exploit(s)	27

	Related
10	DSA-1903
9.3	USN-784-1
9.3	RHSA-2010:0653
9.3	RHSA-2010:0652
9.3	MDVSA-2009:261
9.3	MDVSA-2009:260-1
9.3	MDVSA-2009:260
9.3	GLSA-201311-10
9.3	GLSA-201006-03
9.3	DSA-1858
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 10 more Alert(s)