Executive Summary
Summary | |
---|---|
Title | ImageMagick security update |
Information | |||
---|---|---|---|
Name | RHSA-2008:0145 | First vendor Publication | 2008-04-16 |
Vendor | RedHat | Last vendor Modification | 2008-04-16 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Problem Description: Updated ImageMagick packages that correct several security issues are now available for Red Hat Enterprise Linux versions 3, 4, and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.

Several heap-based buffer overflow flaws were found in ImageMagick. If a victim opened a specially crafted DCM or XWD file, an attacker could potentially execute arbitrary code on the victim's machine. (CVE-2007-1797)

Several denial of service flaws were found in ImageMagick's parsing of XCF and DCM files. Attempting to process a specially-crafted input file in these formats could cause ImageMagick to enter an infinite loop. (CVE-2007-4985)

Several integer overflow flaws were found in ImageMagick. If a victim opened a specially-crafted DCM, DIB, XBM, XCF or XWD file, an attacker could potentially execute arbitrary code with the privileges of the user running ImageMagick. (CVE-2007-4986)

An integer overflow flaw was found in ImageMagick's DIB parsing code. If a victim opened a specially-crafted DIB file, an attacker could potentially execute arbitrary code with the privileges of the user running ImageMagick. (CVE-2007-4988)

A heap-based buffer overflow flaw was found in the way ImageMagick parsed XCF files. If a specially-crafted XCF image was opened, ImageMagick could be made to overwrite heap memory beyond the bounds of its allocated memory. This could, potentially, allow an attacker to execute arbitrary code on the machine running ImageMagick. (CVE-2008-1096)

A heap-based buffer overflow flaw was found in ImageMagick's processing of certain malformed PCX images. If a victim opened a specially-crafted PCX file, an attacker could possibly execute arbitrary code on the victim's machine. (CVE-2008-1097)

All users of ImageMagick should upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

235071 - CVE-2007-1797 Heap overflow in ImageMagick's DCM and XWD coders
285861 - CVE-2008-1097 Memory corruption in ImageMagick's PCX coder
286411 - CVE-2008-1096 Out of bound write in ImageMagick's XCF coder
310081 - CVE-2007-4988 Integer overflow in ImageMagick's DIB coder
310091 - CVE-2007-4985 Infinite loops in ImageMagick's XCF and DCM coders
310121 - CVE-2007-4986 Multiple integer overflows in ImageMagick
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2008-0145.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-399 | Resource Management Errors |
33 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
17 % | CWE-681 | Incorrect Conversion between Numeric Types |
17 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10843 | |||
Oval ID: | oval:org.mitre.oval:def:10843 | ||
Title: | The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function. | ||
Description: | The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1096 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10869 | |||
Oval ID: | oval:org.mitre.oval:def:10869 | ||
Title: | ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls. | ||
Description: | ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4985 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11237 | |||
Oval ID: | oval:org.mitre.oval:def:11237 | ||
Title: | Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. | ||
Description: | Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1097 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:17691 | |||
Oval ID: | oval:org.mitre.oval:def:17691 | ||
Title: | USN-523-1 -- imagemagick vulnerabilities | ||
Description: | Multiple vulnerabilities were found in the image decoders of ImageMagick. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-523-1 CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988 | Version: | 5 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 | Product(s): | imagemagick |
Definition Id: oval:org.mitre.oval:def:17882 | |||
Oval ID: | oval:org.mitre.oval:def:17882 | ||
Title: | USN-681-1 -- imagemagick vulnerability | ||
Description: | It was discovered that ImageMagick did not correctly handle certain malformed XCF images. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-681-1 CVE-2008-1096 | Version: | 5 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.10 | Product(s): | imagemagick |
Definition Id: oval:org.mitre.oval:def:22407 | |||
Oval ID: | oval:org.mitre.oval:def:22407 | ||
Title: | ELSA-2008:0145: ImageMagick security update (Moderate) | ||
Description: | Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0145-01 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4988 CVE-2008-1096 CVE-2008-1097 | Version: | 29 |
Platform(s): | Oracle Linux 5 | Product(s): | ImageMagick |
Definition Id: oval:org.mitre.oval:def:9254 | |||
Oval ID: | oval:org.mitre.oval:def:9254 | ||
Title: | Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667. | ||
Description: | Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-1797 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9656 | |||
Oval ID: | oval:org.mitre.oval:def:9656 | ||
Title: | Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. | ||
Description: | Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4988 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9963 | |||
Oval ID: | oval:org.mitre.oval:def:9963 | ||
Title: | Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow. | ||
Description: | Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4986 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : Debian Security Advisory DSA 1903-1 (graphicsmagick) File : nvt/deb_1903_1.nasl |
2009-08-17 | Name : Debian Security Advisory DSA 1858-1 (imagemagick) File : nvt/deb_1858_1.nasl |
2009-04-09 | Name : Mandriva Update for ImageMagick MDVSA-2008:099 (ImageMagick) File : nvt/gb_mandriva_MDVSA_2008_099.nasl |
2009-04-09 | Name : Mandriva Update for ImageMagick MDVSA-2008:035 (ImageMagick) File : nvt/gb_mandriva_MDVSA_2008_035.nasl |
2009-04-09 | Name : Mandriva Update for ImageMagick MDKSA-2007:147 (ImageMagick) File : nvt/gb_mandriva_MDKSA_2007_147.nasl |
2009-03-23 | Name : Ubuntu Update for imagemagick vulnerability USN-681-1 File : nvt/gb_ubuntu_USN_681_1.nasl |
2009-03-23 | Name : Ubuntu Update for imagemagick vulnerabilities USN-523-1 File : nvt/gb_ubuntu_USN_523_1.nasl |
2009-03-23 | Name : Ubuntu Update for imagemagick vulnerabilities USN-481-1 File : nvt/gb_ubuntu_USN_481_1.nasl |
2009-03-06 | Name : RedHat Update for ImageMagick RHSA-2008:0145-01 File : nvt/gb_RHSA-2008_0145-01_ImageMagick.nasl |
2009-03-06 | Name : RedHat Update for ImageMagick RHSA-2008:0165-01 File : nvt/gb_RHSA-2008_0165-01_ImageMagick.nasl |
2009-02-27 | Name : Fedora Update for GraphicsMagick FEDORA-2007-1340 File : nvt/gb_fedora_2007_1340_GraphicsMagick_fc7.nasl |
2009-02-27 | Name : Fedora Update for ImageMagick FEDORA-2007-414 File : nvt/gb_fedora_2007_414_ImageMagick_fc5.nasl |
2009-02-27 | Name : Fedora Update for ImageMagick FEDORA-2007-413 File : nvt/gb_fedora_2007_413_ImageMagick_fc6.nasl |
2009-02-27 | Name : CentOS Update for ImageMagick CESA-2008:0165-01 centos2 i386 File : nvt/gb_CESA-2008_0165-01_ImageMagick_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for ImageMagick CESA-2008:0145 centos4 x86_64 File : nvt/gb_CESA-2008_0145_ImageMagick_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for ImageMagick CESA-2008:0145 centos4 i386 File : nvt/gb_CESA-2008_0145_ImageMagick_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for ImageMagick CESA-2008:0145 centos3 x86_64 File : nvt/gb_CESA-2008_0145_ImageMagick_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for ImageMagick CESA-2008:0145 centos3 i386 File : nvt/gb_CESA-2008_0145_ImageMagick_centos3_i386.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200705-13 (imagemagick) File : nvt/glsa_200705_13.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200710-27 (imagemagick) File : nvt/glsa_200710_27.nasl |
2008-09-04 | Name : FreeBSD Ports: ImageMagick, ImageMagick-nox11 File : nvt/freebsd_ImageMagick6.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
43213 | ImageMagick / GraphicsMagick coders/pcx.c PCX Coder ReadPCXImage Function PCX... |
43212 | ImageMagick / GraphicsMagick coders/xcf.c XCF coder ScaleCharToQuantum Functi... |
41332 | ImageMagick ReadDCMImage / ReadXCFImage Crafted Image Handling DoS |
41331 | ImageMagick xwd Module XWD File Handling Overflow |
41330 | ImageMagick xcf Module XCF File Handling Overflow |
41329 | ImageMagick xbm Module XBM File Handling Overflow |
41328 | ImageMagick dib Module DIB File Handling Overflow |
41327 | ImageMagick dcm Module DCM File Handling Overflow |
41325 | ImageMagick ReadDIBImage Function Image File Handling Overflow |
34689 | ImageMagick ReadXWDImage Function XWD Image Handling Overflow |
34688 | ImageMagick ReadDCMImage Function DCM Image Handling Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-11-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201311-10.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0145.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080416_ImageMagick_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1858.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1903.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-681-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-099.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-035.nasl - Type : ACT_GATHER_INFO |
2008-07-02 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ImageMagick-5278.nasl - Type : ACT_GATHER_INFO |
2008-07-02 | Name : The remote openSUSE host is missing a security update. File : suse_ImageMagick-5277.nasl - Type : ACT_GATHER_INFO |
2008-07-02 | Name : The remote openSUSE host is missing a security update. File : suse_GraphicsMagick-5276.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0145.nasl - Type : ACT_GATHER_INFO |
2008-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0145.nasl - Type : ACT_GATHER_INFO |
2008-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0165.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ImageMagick-4541.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ImageMagick-3737.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ImageMagick-3131.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-481-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-523-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-1340.nasl - Type : ACT_GATHER_INFO |
2007-11-01 | Name : The remote openSUSE host is missing a security update. File : suse_GraphicsMagick-4539.nasl - Type : ACT_GATHER_INFO |
2007-11-01 | Name : The remote openSUSE host is missing a security update. File : suse_ImageMagick-4543.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-27.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_ImageMagick-3448.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_ImageMagick-3130.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_ImageMagick-3743.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_GraphicsMagick-3129.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f5b29ec071f911dc8c6a00304881ac9a.nasl - Type : ACT_GATHER_INFO |
2007-07-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-147.nasl - Type : ACT_GATHER_INFO |
2007-05-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200705-13.nasl - Type : ACT_GATHER_INFO |
2007-04-19 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-414.nasl - Type : ACT_GATHER_INFO |
2007-04-06 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-413.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:51:27 |