Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title New graphicsmagick packages fix several vulnerabilities
Informations
Name DSA-1903 First vendor Publication 2009-10-07
Vendor Debian Last vendor Modification 2009-10-07
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-1667

Multiple integer overflows in XInitImage function in xwd.c for GraphicsMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch).

CVE-2007-1797

Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch).

CVE-2007-4985

A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch).

CVE-2007-4986

Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch).

CVE-2007-4988

A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch).

CVE-2008-1096

The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only oldstable (etch).

CVE-2008-3134

Multiple vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via vectors in the AVI, AVS, DCM, EPT, FITS, MTV, PALM, RLA, and TGA decoder readers; and the GetImageCharacteristics function in magick/image.c, as reachable from a crafted PNG, JPEG, BMP, or TIFF file.

CVE-2008-6070

Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to ca use a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image.

CVE-2008-6071

Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image.

CVE-2008-6072

Multiple vulnerabilities in GraphicsMagick allow remote attackers to cause a denial of service (crash) via vectors in XCF and CINEON images.

CVE-2008-6621

Vulnerability in GraphicsMagick allows remote attackers to cause a denial of service (crash) via vectors in DPX images.

CVE-2009-1882

Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.

For the oldstable distribution (etch), these problems have been fixed in version 1.1.7-13+etch1.

For the stable distribution (lenny), these problems have been fixed in version 1.1.11-3.2+lenny1.

For the upcoming stable distribution (squeeze) and the unstable distribution ion (sid), these problems have been fixed in version 1.3.5-5.1.

We recommend that you upgrade your graphicsmagick packages.

Original Source

Url : http://www.debian.org/security/2009/dsa-1903

CWE : Common Weakness Enumeration

% Id Name
40 % CWE-189 Numeric Errors (CWE/SANS Top 25)
30 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20 % CWE-399 Resource Management Errors
10 % CWE-681 Incorrect Conversion between Numeric Types

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10843
 
Oval ID: oval:org.mitre.oval:def:10843
Title: The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.
Description: The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.
Family: unix Class: vulnerability
Reference(s): CVE-2008-1096
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10869
 
Oval ID: oval:org.mitre.oval:def:10869
Title: ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls.
Description: ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4985
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13308
 
Oval ID: oval:org.mitre.oval:def:13308
Title: DSA-1858-1 imagemagick -- multiple
Description: Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution. CVE-2007-1797 Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution. CVE-2007-4985 A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution. CVE-2007-4986 Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution. CVE-2007-4987 Off-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a "\0" character to an out-of-bounds address. It affects only the oldstable distribution. CVE-2007-4988 A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution. CVE-2008-1096 The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only to oldstable. CVE-2008-1097 Heap-based buffer overflow in the PCX coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. It affects only to oldstable. CVE-2009-1882 Integer overflow allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. For the old stable distribution, these problems have been fixed in version 7:6.2.4.5.dfsg1-0.15+etch1. For the stable distribution, these problems have been fixed in version 7:6.3.7.9.dfsg2-1~lenny3. For the upcoming stable distribution and the unstable distribution, these problems have been fixed in version 7:6.5.1.0-1.1. We recommend that you upgrade your imagemagick packages.
Family: unix Class: patch
Reference(s): DSA-1858-1
CVE-2007-1667
CVE-2007-1797
CVE-2007-4985
CVE-2007-4986
CVE-2007-4987
CVE-2007-4988
CVE-2008-1096
CVE-2008-1097
CVE-2009-1882
Version: 7
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): imagemagick
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13868
 
Oval ID: oval:org.mitre.oval:def:13868
Title: USN-784-1 -- imagemagick vulnerability
Description: It was discovered that ImageMagick did not properly verify the dimensions of TIFF files. If a user or automated system were tricked into opening a crafted TIFF file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
Family: unix Class: patch
Reference(s): USN-784-1
CVE-2009-1882
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 9.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): imagemagick
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1693
 
Oval ID: oval:org.mitre.oval:def:1693
Title: Security Vulnerability in libX11 for Solaris
Description: Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2007-1667
Version: 1
Platform(s): Sun Solaris 8
Sun Solaris 9
Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17691
 
Oval ID: oval:org.mitre.oval:def:17691
Title: USN-523-1 -- imagemagick vulnerabilities
Description: Multiple vulnerabilities were found in the image decoders of ImageMagick.
Family: unix Class: patch
Reference(s): USN-523-1
CVE-2007-4985
CVE-2007-4986
CVE-2007-4987
CVE-2007-4988
Version: 5
Platform(s): Ubuntu 6.06
Ubuntu 6.10
Ubuntu 7.04
Product(s): imagemagick
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17882
 
Oval ID: oval:org.mitre.oval:def:17882
Title: USN-681-1 -- imagemagick vulnerability
Description: It was discovered that ImageMagick did not correctly handle certain malformed XCF images.
Family: unix Class: patch
Reference(s): USN-681-1
CVE-2008-1096
Version: 5
Platform(s): Ubuntu 6.06
Ubuntu 7.10
Product(s): imagemagick
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19472
 
Oval ID: oval:org.mitre.oval:def:19472
Title: DSA-1903-1 graphicsmagick - several
Description: Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS.
Family: unix Class: patch
Reference(s): DSA-1903-1
CVE-2007-1667
CVE-2007-1797
CVE-2007-4985
CVE-2007-4986
CVE-2007-4988
CVE-2008-1096
CVE-2008-3134
CVE-2008-6070
CVE-2008-6071
CVE-2008-6072
CVE-2008-6621
CVE-2009-1882
Version: 5
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s): graphicsmagick
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22206
 
Oval ID: oval:org.mitre.oval:def:22206
Title: RHSA-2010:0652: ImageMagick security and bug fix update (Moderate)
Description: Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.
Family: unix Class: patch
Reference(s): RHSA-2010:0652-01
CESA-2010:0652
CVE-2009-1882
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): ImageMagick
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22629
 
Oval ID: oval:org.mitre.oval:def:22629
Title: ELSA-2007:0157: xorg-x11-apps and libX11 security update (Moderate)
Description: Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
Family: unix Class: patch
Reference(s): ELSA-2007:0157-01
CVE-2007-1667
Version: 6
Platform(s): Oracle Linux 5
Product(s): libX11
xorg-x11-apps
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22919
 
Oval ID: oval:org.mitre.oval:def:22919
Title: ELSA-2010:0652: ImageMagick security and bug fix update (Moderate)
Description: Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.
Family: unix Class: patch
Reference(s): ELSA-2010:0652-01
CVE-2009-1882
Version: 6
Platform(s): Oracle Linux 5
Product(s): ImageMagick
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27931
 
Oval ID: oval:org.mitre.oval:def:27931
Title: DEPRECATED: ELSA-2010-0652 -- ImageMagick security and bug fix update (moderate)
Description: [6.2.8.0-4.el5_5.2] - Fix SGI image decoding (625058) [6.2.8.0-4.el5_5.1] - Add fix for CVE-2009-1882 (504304)
Family: unix Class: patch
Reference(s): ELSA-2010-0652
CVE-2009-1882
Version: 4
Platform(s): Oracle Linux 5
Product(s): ImageMagick
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7485
 
Oval ID: oval:org.mitre.oval:def:7485
Title: DSA-1903 graphicsmagick -- several vulnerabilities
Description: Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple integer overflows in XInitImage function in xwd.c for GraphicsMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch). A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch). Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch). A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch). The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only oldstable (etch). Multiple vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via vectors in the AVI, AVS, DCM, EPT, FITS, MTV, PALM, RLA, and TGA decoder readers; and the GetImageCharacteristics function in magick/image.c, as reachable from a crafted PNG, JPEG, BMP, or TIFF file. Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image. Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. Multiple vulnerabilities in GraphicsMagick allow remote attackers to cause a denial of service (crash) via vectors in XCF and CINEON images. Vulnerability in GraphicsMagick allows remote attackers to cause a denial of service (crash) via vectors in DPX images. Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
Family: unix Class: patch
Reference(s): DSA-1903
CVE-2007-1667
CVE-2007-1797
CVE-2007-4985
CVE-2007-4986
CVE-2007-4988
CVE-2008-1096
CVE-2008-3134
CVE-2008-6070
CVE-2008-6071
CVE-2008-6072
CVE-2008-6621
CVE-2009-1882
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): graphicsmagick
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8206
 
Oval ID: oval:org.mitre.oval:def:8206
Title: DSA-1858 imagemagick -- multiple vulnerabilities
Description: Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple integer overflows in XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch). A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch). Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch). Off-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a "\0" character to an out-of-bounds address. It affects only the oldstable distribution (etch). A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch). The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only to oldstable (etch). Heap-based buffer overflow in the PCX coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. It affects only to oldstable (etch). Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
Family: unix Class: patch
Reference(s): DSA-1858
CVE-2007-1667
CVE-2007-1797
CVE-2007-4985
CVE-2007-4986
CVE-2007-4987
CVE-2007-4988
CVE-2008-1096
CVE-2008-1097
CVE-2009-1882
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): imagemagick
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9254
 
Oval ID: oval:org.mitre.oval:def:9254
Title: Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.
Description: Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.
Family: unix Class: vulnerability
Reference(s): CVE-2007-1797
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9656
 
Oval ID: oval:org.mitre.oval:def:9656
Title: Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.
Description: Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4988
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9776
 
Oval ID: oval:org.mitre.oval:def:9776
Title: Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
Description: Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2007-1667
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9963
 
Oval ID: oval:org.mitre.oval:def:9963
Title: Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow.
Description: Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4986
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 27
Application 6
Application 187
Application 4
Os 3

OpenVAS Exploits

Date Description
2011-03-09 Name : Gentoo Security Advisory GLSA 201006-03 (imagemagick)
File : nvt/glsa_201006_03.nasl
2010-08-30 Name : RedHat Update for ImageMagick RHSA-2010:0653-01
File : nvt/gb_RHSA-2010_0653-01_ImageMagick.nasl
2010-08-30 Name : RedHat Update for ImageMagick RHSA-2010:0652-01
File : nvt/gb_RHSA-2010_0652-01_ImageMagick.nasl
2010-08-30 Name : CentOS Update for ImageMagick CESA-2010:0653 centos4 i386
File : nvt/gb_CESA-2010_0653_ImageMagick_centos4_i386.nasl
2010-05-12 Name : Mac OS X Security Update 2009-001
File : nvt/macosx_secupd_2009-001.nasl
2010-03-02 Name : Fedora Update for GraphicsMagick FEDORA-2010-0001
File : nvt/gb_fedora_2010_0001_GraphicsMagick_fc11.nasl
2010-03-02 Name : Fedora Update for GraphicsMagick FEDORA-2010-0036
File : nvt/gb_fedora_2010_0036_GraphicsMagick_fc12.nasl
2010-01-15 Name : Fedora Update for ImageMagick FEDORA-2010-0295
File : nvt/gb_fedora_2010_0295_ImageMagick_fc11.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:260-1 (imagemagick)
File : nvt/mdksa_2009_260_1.nasl
2009-10-13 Name : Mandrake Security Advisory MDVSA-2009:261 (graphicsmagick)
File : nvt/mdksa_2009_261.nasl
2009-10-13 Name : Mandrake Security Advisory MDVSA-2009:260 (imagemagick)
File : nvt/mdksa_2009_260.nasl
2009-10-13 Name : Debian Security Advisory DSA 1903-1 (graphicsmagick)
File : nvt/deb_1903_1.nasl
2009-10-11 Name : SLES11: Security update for ImageMagick
File : nvt/sles11_libMagickCore1.nasl
2009-10-10 Name : SLES9: Security update for some XFree86 modules
File : nvt/sles9p5021116.nasl
2009-08-17 Name : Debian Security Advisory DSA 1858-1 (imagemagick)
File : nvt/deb_1858_1.nasl
2009-07-06 Name : SuSE Security Summary SUSE-SR:2009:012
File : nvt/suse_sr_2009_012.nasl
2009-06-15 Name : Ubuntu USN-784-1 (imagemagick)
File : nvt/ubuntu_784_1.nasl
2009-06-02 Name : ImageMagick Buffer Overflow Vulnerability (Win)
File : nvt/secpod_imagemagick_bof_vuln_win.nasl
2009-06-02 Name : ImageMagick Buffer Overflow Vulnerability (Linux)
File : nvt/secpod_imagemagick_bof_vuln_lin.nasl
2009-04-09 Name : Mandriva Update for xorg-x11 MDKSA-2007:079 (xorg-x11)
File : nvt/gb_mandriva_MDKSA_2007_079.nasl
2009-04-09 Name : Mandriva Update for xorg-x11 MDKSA-2007:079-1 (xorg-x11)
File : nvt/gb_mandriva_MDKSA_2007_079_1.nasl
2009-04-09 Name : Mandriva Update for ImageMagick MDKSA-2007:147 (ImageMagick)
File : nvt/gb_mandriva_MDKSA_2007_147.nasl
2009-04-09 Name : Mandriva Update for ImageMagick MDVSA-2008:035 (ImageMagick)
File : nvt/gb_mandriva_MDVSA_2008_035.nasl
2009-04-09 Name : Mandriva Update for ImageMagick MDVSA-2008:099 (ImageMagick)
File : nvt/gb_mandriva_MDVSA_2008_099.nasl
2009-03-23 Name : Ubuntu Update for imagemagick vulnerability USN-681-1
File : nvt/gb_ubuntu_USN_681_1.nasl
2009-03-23 Name : Ubuntu Update for imagemagick vulnerabilities USN-523-1
File : nvt/gb_ubuntu_USN_523_1.nasl
2009-03-23 Name : Ubuntu Update for imagemagick vulnerabilities USN-481-1
File : nvt/gb_ubuntu_USN_481_1.nasl
2009-03-23 Name : Ubuntu Update for rdesktop regression USN-453-2
File : nvt/gb_ubuntu_USN_453_2.nasl
2009-03-23 Name : Ubuntu Update for libx11 vulnerability USN-453-1
File : nvt/gb_ubuntu_USN_453_1.nasl
2009-03-06 Name : RedHat Update for ImageMagick RHSA-2008:0145-01
File : nvt/gb_RHSA-2008_0145-01_ImageMagick.nasl
2009-03-06 Name : RedHat Update for ImageMagick RHSA-2008:0165-01
File : nvt/gb_RHSA-2008_0165-01_ImageMagick.nasl
2009-02-27 Name : CentOS Update for ImageMagick CESA-2008:0165-01 centos2 i386
File : nvt/gb_CESA-2008_0165-01_ImageMagick_centos2_i386.nasl
2009-02-27 Name : Fedora Update for libX11 FEDORA-2007-426
File : nvt/gb_fedora_2007_426_libX11_fc6.nasl
2009-02-27 Name : Fedora Update for GraphicsMagick FEDORA-2007-1340
File : nvt/gb_fedora_2007_1340_GraphicsMagick_fc7.nasl
2009-02-27 Name : CentOS Update for ImageMagick CESA-2008:0145 centos4 x86_64
File : nvt/gb_CESA-2008_0145_ImageMagick_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for ImageMagick CESA-2008:0145 centos4 i386
File : nvt/gb_CESA-2008_0145_ImageMagick_centos4_i386.nasl
2009-02-27 Name : CentOS Update for ImageMagick CESA-2008:0145 centos3 x86_64
File : nvt/gb_CESA-2008_0145_ImageMagick_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for ImageMagick CESA-2008:0145 centos3 i386
File : nvt/gb_CESA-2008_0145_ImageMagick_centos3_i386.nasl
2009-02-27 Name : Fedora Update for ImageMagick FEDORA-2007-413
File : nvt/gb_fedora_2007_413_ImageMagick_fc6.nasl
2009-02-27 Name : Fedora Update for ImageMagick FEDORA-2007-414
File : nvt/gb_fedora_2007_414_ImageMagick_fc5.nasl
2009-02-27 Name : Fedora Update for libX11 FEDORA-2007-427
File : nvt/gb_fedora_2007_427_libX11_fc5.nasl
2009-02-18 Name : GraphicsMagick Multiple Vulnerabilities (Win)
File : nvt/gb_graphicsmagick_mult_vuln_win.nasl
2009-02-18 Name : GraphicsMagick Multiple Vulnerabilities (Linux)
File : nvt/gb_graphicsmagick_mult_vuln_lin.nasl
2009-01-28 Name : SuSE Update for XFree86, Xorg SUSE-SA:2007:027
File : nvt/gb_suse_2007_027.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200805-07 (ltsp)
File : nvt/glsa_200805_07.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200710-27 (imagemagick)
File : nvt/glsa_200710_27.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200705-13 (imagemagick)
File : nvt/glsa_200705_13.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200705-06 (libx11)
File : nvt/glsa_200705_06.nasl
2008-09-04 Name : FreeBSD Ports: ImageMagick, ImageMagick-nox11
File : nvt/freebsd_ImageMagick6.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
54729 ImageMagick magick/xwindow.c XMakeImage() Function TIFF File Handling Overflow

46633 GraphicsMagick Multiple Decoders Unspecified DoS

46632 GraphicsMagick GetImageCharacteristics() Function File Comment Handling DoS

46258 GraphicsMagick DPX Image Handling Unspecified DoS

46257 GraphicsMagick CINEON Image Handling Unspecified DoS

46256 GraphicsMagick XCF Image Handling Unspecified DoS

46255 GraphicsMagick coders/pict.c DecodeImage() Function PICT Image Handling Overflow

46254 GraphicsMagick coders/palm.c ReadPALMImage() Function PALM Image Handling Ove...

43212 ImageMagick / GraphicsMagick coders/xcf.c XCF coder ScaleCharToQuantum Functi...

41332 ImageMagick ReadDCMImage / ReadXCFImage Crafted Image Handling DoS

41331 ImageMagick xwd Module XWD File Handling Overflow

41330 ImageMagick xcf Module XCF File Handling Overflow

41329 ImageMagick xbm Module XBM File Handling Overflow

41328 ImageMagick dib Module DIB File Handling Overflow

41327 ImageMagick dcm Module DCM File Handling Overflow

41325 ImageMagick ReadDIBImage Function Image File Handling Overflow

34689 ImageMagick ReadXWDImage Function XWD Image Handling Overflow

34688 ImageMagick ReadDCMImage Function DCM Image Handling Overflow

34108 X.Org X11 libx11 xwd.c for ImageMagick XInitImage Function Overflow

34107 X.Org X11 libx11 ImUtil.c XGetPixel Function Overflow

Nessus® Vulnerability Scanner

Date Description
2015-04-02 Name : The remote host is missing Sun security patch number 119060-45.
File : solaris10_x86_119060_45.nasl - Type : ACT_GATHER_INFO
2015-04-02 Name : The remote host is missing Sun security patch number 119059-46.
File : solaris10_119059_46.nasl - Type : ACT_GATHER_INFO
2013-11-19 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201311-10.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0653.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0652.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0145.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0157.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0126.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0125.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080416_ImageMagick_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100825_ImageMagick_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100825_ImageMagick_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ImageMagick-6284.nasl - Type : ACT_GATHER_INFO
2010-08-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0652.nasl - Type : ACT_GATHER_INFO
2010-08-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0653.nasl - Type : ACT_GATHER_INFO
2010-08-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0652.nasl - Type : ACT_GATHER_INFO
2010-08-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0653.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-0036.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-0001.nasl - Type : ACT_GATHER_INFO
2010-06-02 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201006-03.nasl - Type : ACT_GATHER_INFO
2010-02-25 Name : The remote Fedora host is missing a security update.
File : fedora_2010-0295.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1903.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1858.nasl - Type : ACT_GATHER_INFO
2009-10-09 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-260.nasl - Type : ACT_GATHER_INFO
2009-10-09 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-261.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_ImageMagick-090604.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_GraphicsMagick-080929.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_GraphicsMagick-090609.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_ImageMagick-090604.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_GraphicsMagick-090609.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_ImageMagick-090604.nasl - Type : ACT_GATHER_INFO
2009-06-24 Name : The remote openSUSE host is missing a security update.
File : suse_ImageMagick-6287.nasl - Type : ACT_GATHER_INFO
2009-06-24 Name : The remote openSUSE host is missing a security update.
File : suse_GraphicsMagick-6294.nasl - Type : ACT_GATHER_INFO
2009-06-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-784-1.nasl - Type : ACT_GATHER_INFO
2009-05-29 Name : The remote Windows host contains an application that is affected by an intege...
File : imagemagick_6_5_2_9.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-099.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-035.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-681-1.nasl - Type : ACT_GATHER_INFO
2009-02-13 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2009-001.nasl - Type : ACT_GATHER_INFO
2008-10-01 Name : The remote openSUSE host is missing a security update.
File : suse_GraphicsMagick-5646.nasl - Type : ACT_GATHER_INFO
2008-07-02 Name : The remote openSUSE host is missing a security update.
File : suse_ImageMagick-5277.nasl - Type : ACT_GATHER_INFO
2008-07-02 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ImageMagick-5278.nasl - Type : ACT_GATHER_INFO
2008-07-02 Name : The remote openSUSE host is missing a security update.
File : suse_GraphicsMagick-5276.nasl - Type : ACT_GATHER_INFO
2008-04-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0145.nasl - Type : ACT_GATHER_INFO
2008-04-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0145.nasl - Type : ACT_GATHER_INFO
2008-04-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0165.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_xorg-x11-server-3083.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ImageMagick-4541.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ImageMagick-3737.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ImageMagick-3131.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-523-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-481-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-453-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-448-1.nasl - Type : ACT_GATHER_INFO
2007-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2007-1340.nasl - Type : ACT_GATHER_INFO
2007-11-01 Name : The remote openSUSE host is missing a security update.
File : suse_ImageMagick-4543.nasl - Type : ACT_GATHER_INFO
2007-11-01 Name : The remote openSUSE host is missing a security update.
File : suse_GraphicsMagick-4539.nasl - Type : ACT_GATHER_INFO
2007-10-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200710-27.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_xorg-x11-server-3082.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_ImageMagick-3743.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_ImageMagick-3448.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_ImageMagick-3130.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_GraphicsMagick-3129.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_f5b29ec071f911dc8c6a00304881ac9a.nasl - Type : ACT_GATHER_INFO
2007-07-23 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-147.nasl - Type : ACT_GATHER_INFO
2007-05-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0157.nasl - Type : ACT_GATHER_INFO
2007-05-20 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1294.nasl - Type : ACT_GATHER_INFO
2007-05-11 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200705-13.nasl - Type : ACT_GATHER_INFO
2007-05-07 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200705-06.nasl - Type : ACT_GATHER_INFO
2007-04-19 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0157.nasl - Type : ACT_GATHER_INFO
2007-04-19 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-414.nasl - Type : ACT_GATHER_INFO
2007-04-12 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-427.nasl - Type : ACT_GATHER_INFO
2007-04-12 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-426.nasl - Type : ACT_GATHER_INFO
2007-04-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0126.nasl - Type : ACT_GATHER_INFO
2007-04-06 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-413.nasl - Type : ACT_GATHER_INFO
2007-04-05 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-079.nasl - Type : ACT_GATHER_INFO
2007-04-05 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-080.nasl - Type : ACT_GATHER_INFO
2007-04-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0125.nasl - Type : ACT_GATHER_INFO
2007-04-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0126.nasl - Type : ACT_GATHER_INFO
2007-04-05 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0125.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 119060-72
File : solaris10_x86_119060.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 119059-73
File : solaris10_119059.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:28:53
  • Multiple Updates