9.3 - RHSA-2010:0652

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	ImageMagick security and bug fix update

Informations
Name	RHSA-2010:0652	First vendor Publication	2010-08-25
Vendor	RedHat	Last vendor Modification	2010-08-25
Severity (Vendor)	Moderate	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated ImageMagick packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the ImageMagick routine responsible for creating X11 images. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. (CVE-2009-1882)

This update also fixes the following bug:

* previously, portions of certain RGB images on the right side were not rendered and left black when converting or displaying them. With this update, RGB images display correctly. (BZ#625058)

Users of ImageMagick are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of ImageMagick must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

503017 - CVE-2009-1882 ImageMagick, GraphicsMagick: Integer overflow in the routine creating X11 images 625058 - CRM.1902920 - Issue displaying SGI image with ImageMagick

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2010-0652.html

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-189	Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13308

Oval ID:	oval:org.mitre.oval:def:13308
Title:	DSA-1858-1 imagemagick -- multiple
Description:	Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution. CVE-2007-1797 Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution. CVE-2007-4985 A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution. CVE-2007-4986 Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution. CVE-2007-4987 Off-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a "\0" character to an out-of-bounds address. It affects only the oldstable distribution. CVE-2007-4988 A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution. CVE-2008-1096 The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only to oldstable. CVE-2008-1097 Heap-based buffer overflow in the PCX coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. It affects only to oldstable. CVE-2009-1882 Integer overflow allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. For the old stable distribution, these problems have been fixed in version 7:6.2.4.5.dfsg1-0.15+etch1. For the stable distribution, these problems have been fixed in version 7:6.3.7.9.dfsg2-1~lenny3. For the upcoming stable distribution and the unstable distribution, these problems have been fixed in version 7:6.5.1.0-1.1. We recommend that you upgrade your imagemagick packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1858-1 CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988 CVE-2008-1096 CVE-2008-1097 CVE-2009-1882	Version:	7
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	imagemagick
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Packages section imagemagick DPKG is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick9-dev DPKG is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND perlmagick DPKG is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick++9-dev DPKG is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick++10 DPKG is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick10 DPKG is earlier than 7:6.3.7.9.dfsg2-1~lenny3 OR Release section Debian GNU/Linux 4.0 is installed. AND Supported architectures section Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libmagick9 DPKG is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND imagemagick DPKG is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND libmagick9-dev DPKG is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND libmagick++9c2a DPKG is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND perlmagick DPKG is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND libmagick++9-dev DPKG is earlier than 7:6.2.4.5.dfsg1-0.15+etch1

Definition Id: oval:org.mitre.oval:def:13868

Oval ID:	oval:org.mitre.oval:def:13868
Title:	USN-784-1 -- imagemagick vulnerability
Description:	It was discovered that ImageMagick did not properly verify the dimensions of TIFF files. If a user or automated system were tricked into opening a crafted TIFF file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
Family:	unix	Class:	patch
Reference(s):	USN-784-1 CVE-2009-1882	Version:	5
Platform(s):	Ubuntu 8.04 Ubuntu 9.04 Ubuntu 6.06 Ubuntu 8.10	Product(s):	imagemagick
Definition Synopsis:
Release section Ubuntu 8.04 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND Packages section imagemagick DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu1.1 AND libmagick9-dev DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu1.1 AND perlmagick DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu1.1 AND libmagick++9-dev DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu1.1 AND libmagick++10 DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu1.1 AND libmagick10 DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu1.1 OR Release section Ubuntu 9.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND imagemagick-doc DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section imagemagick-dbg DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 AND imagemagick DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 AND libmagickcore1 DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 AND libmagickwand-dev DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 AND libmagickwand1 DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 AND libmagick++-dev DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 AND perlmagick DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 AND libmagick++1 DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 AND libmagickcore-dev DPKG is earlier than 7:6.4.5.4.dfsg1-1ubuntu3.1 OR Release section Ubuntu 6.06 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is powerpc AND Packages section libmagick9 DPKG is earlier than 6:6.2.4.5-0.6ubuntu0.9 AND imagemagick DPKG is earlier than 6:6.2.4.5-0.6ubuntu0.9 AND libmagick9-dev DPKG is earlier than 6:6.2.4.5-0.6ubuntu0.9 AND libmagick++9c2a DPKG is earlier than 6:6.2.4.5-0.6ubuntu0.9 AND perlmagick DPKG is earlier than 6:6.2.4.5-0.6ubuntu0.9 AND libmagick++9-dev DPKG is earlier than 6:6.2.4.5-0.6ubuntu0.9 OR Release section Ubuntu 8.10 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND Packages section imagemagick DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu3.1 AND libmagick9-dev DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu3.1 AND perlmagick DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu3.1 AND libmagick++9-dev DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu3.1 AND libmagick++10 DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu3.1 AND libmagick10 DPKG is earlier than 7:6.3.7.9.dfsg1-2ubuntu3.1

Definition Id: oval:org.mitre.oval:def:19472

Oval ID:	oval:org.mitre.oval:def:19472
Title:	DSA-1903-1 graphicsmagick - several
Description:	Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS.
Family:	unix	Class:	patch
Reference(s):	DSA-1903-1 CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4988 CVE-2008-1096 CVE-2008-3134 CVE-2008-6070 CVE-2008-6071 CVE-2008-6072 CVE-2008-6621 CVE-2009-1882	Version:	5
Platform(s):	Debian GNU/Linux 4.0 Debian GNU/Linux 5.0	Product(s):	graphicsmagick
Definition Synopsis:
Release section Debian GNU/Linux 4.0 is installed. AND graphicsmagick DPKG is earlier than 0:1.1.7-13+etch1 AND Release section Debian GNU/Linux 5.0 is installed AND graphicsmagick DPKG is earlier than 0:1.1.11-3.2+lenny1

Definition Id: oval:org.mitre.oval:def:22206

Oval ID:	oval:org.mitre.oval:def:22206
Title:	RHSA-2010:0652: ImageMagick security and bug fix update (Moderate)
Description:	Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.
Family:	unix	Class:	patch
Reference(s):	RHSA-2010:0652-01 CESA-2010:0652 CVE-2009-1882	Version:	4
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	ImageMagick
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section ImageMagick-c++-devel is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-devel is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-perl is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-c++ is earlier than 0:6.2.8.0-4.el5_5.2

Definition Id: oval:org.mitre.oval:def:22919

Oval ID:	oval:org.mitre.oval:def:22919
Title:	ELSA-2010:0652: ImageMagick security and bug fix update (Moderate)
Description:	Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010:0652-01 CVE-2009-1882	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	ImageMagick
Definition Synopsis:
Oracle Linux 5.x rpm test ImageMagick-c++-devel is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-devel is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-perl is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-c++ is earlier than 0:6.2.8.0-4.el5_5.2

Definition Id: oval:org.mitre.oval:def:27931

Oval ID:	oval:org.mitre.oval:def:27931
Title:	DEPRECATED: ELSA-2010-0652 -- ImageMagick security and bug fix update (moderate)
Description:	[6.2.8.0-4.el5_5.2] - Fix SGI image decoding (625058) [6.2.8.0-4.el5_5.1] - Add fix for CVE-2009-1882 (504304)
Family:	unix	Class:	patch
Reference(s):	ELSA-2010-0652 CVE-2009-1882	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	ImageMagick
Definition Synopsis:
Oracle Linux 5.x Packages match section ImageMagick is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-c++ is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-c++-devel is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-devel is earlier than 0:6.2.8.0-4.el5_5.2 AND ImageMagick-perl is earlier than 0:6.2.8.0-4.el5_5.2

Definition Id: oval:org.mitre.oval:def:7485

Oval ID:	oval:org.mitre.oval:def:7485
Title:	DSA-1903 graphicsmagick -- several vulnerabilities
Description:	Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple integer overflows in XInitImage function in xwd.c for GraphicsMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch). A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch). Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch). A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch). The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only oldstable (etch). Multiple vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via vectors in the AVI, AVS, DCM, EPT, FITS, MTV, PALM, RLA, and TGA decoder readers; and the GetImageCharacteristics function in magick/image.c, as reachable from a crafted PNG, JPEG, BMP, or TIFF file. Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image. Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. Multiple vulnerabilities in GraphicsMagick allow remote attackers to cause a denial of service (crash) via vectors in XCF and CINEON images. Vulnerability in GraphicsMagick allows remote attackers to cause a denial of service (crash) via vectors in DPX images. Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
Family:	unix	Class:	patch
Reference(s):	DSA-1903 CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4988 CVE-2008-1096 CVE-2008-3134 CVE-2008-6070 CVE-2008-6071 CVE-2008-6072 CVE-2008-6621 CVE-2009-1882	Version:	3
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	graphicsmagick
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section graphicsmagick-libmagick-dev-compat is earlier than 1.1.11-3.2+lenny1 AND graphicsmagick-imagemagick-compat is earlier than 1.1.11-3.2+lenny1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libgraphics-magick-perl is earlier than 1.1.11-3.2+lenny1 AND libgraphicsmagick++1 is earlier than 1.1.11-3.2+lenny1 AND libgraphicsmagick1-dev is earlier than 1.1.11-3.2+lenny1 AND libgraphicsmagick1 is earlier than 1.1.11-3.2+lenny1 AND graphicsmagick-dbg is earlier than 1.1.11-3.2+lenny1 AND graphicsmagick is earlier than 1.1.11-3.2+lenny1 AND libgraphicsmagick++1-dev is earlier than 1.1.11-3.2+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section graphicsmagick-libmagick-dev-compat is earlier than 1.1.7-13+etch1 AND graphicsmagick-imagemagick-compat is earlier than 1.1.7-13+etch1 AND libgraphics-magick-perl is earlier than 1.1.7-13+etch1 AND libgraphicsmagick++1 is earlier than 1.1.7-13+etch1 AND libgraphicsmagick1-dev is earlier than 1.1.7-13+etch1 AND libgraphicsmagick1 is earlier than 1.1.7-13+etch1 AND graphicsmagick-dbg is earlier than 1.1.7-13+etch1 AND graphicsmagick is earlier than 1.1.7-13+etch1 AND libgraphicsmagick++1-dev is earlier than 1.1.7-13+etch1

Definition Id: oval:org.mitre.oval:def:8206

Oval ID:	oval:org.mitre.oval:def:8206
Title:	DSA-1858 imagemagick -- multiple vulnerabilities
Description:	Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple integer overflows in XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch). A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch). Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch). Off-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a "\0" character to an out-of-bounds address. It affects only the oldstable distribution (etch). A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch). The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only to oldstable (etch). Heap-based buffer overflow in the PCX coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. It affects only to oldstable (etch). Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
Family:	unix	Class:	patch
Reference(s):	DSA-1858 CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988 CVE-2008-1096 CVE-2008-1097 CVE-2009-1882	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	imagemagick
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section imagemagick is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick9-dev is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND perlmagick is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick++9-dev is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick++10 is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick10 is earlier than 7:6.3.7.9.dfsg2-1~lenny3 OR Release section Debian GNU/Linux 4.0 is installed. AND Supported architectures section Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libmagick9 is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND imagemagick is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND libmagick9-dev is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND libmagick++9c2a is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND perlmagick is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND libmagick++9-dev is earlier than 7:6.2.4.5.dfsg1-0.15+etch1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Imagemagick cpe:2.3:a:imagemagick:imagemagick:6.5.2-8:::::::*	1

OpenVAS Exploits

Date	Description
2011-03-09	Name : Gentoo Security Advisory GLSA 201006-03 (imagemagick) File : nvt/glsa_201006_03.nasl
2010-08-30	Name : CentOS Update for ImageMagick CESA-2010:0653 centos4 i386 File : nvt/gb_CESA-2010_0653_ImageMagick_centos4_i386.nasl
2010-08-30	Name : RedHat Update for ImageMagick RHSA-2010:0652-01 File : nvt/gb_RHSA-2010_0652-01_ImageMagick.nasl
2010-08-30	Name : RedHat Update for ImageMagick RHSA-2010:0653-01 File : nvt/gb_RHSA-2010_0653-01_ImageMagick.nasl
2010-03-02	Name : Fedora Update for GraphicsMagick FEDORA-2010-0001 File : nvt/gb_fedora_2010_0001_GraphicsMagick_fc11.nasl
2010-03-02	Name : Fedora Update for GraphicsMagick FEDORA-2010-0036 File : nvt/gb_fedora_2010_0036_GraphicsMagick_fc12.nasl
2010-01-15	Name : Fedora Update for ImageMagick FEDORA-2010-0295 File : nvt/gb_fedora_2010_0295_ImageMagick_fc11.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:260-1 (imagemagick) File : nvt/mdksa_2009_260_1.nasl
2009-10-13	Name : Debian Security Advisory DSA 1903-1 (graphicsmagick) File : nvt/deb_1903_1.nasl
2009-10-13	Name : Mandrake Security Advisory MDVSA-2009:261 (graphicsmagick) File : nvt/mdksa_2009_261.nasl
2009-10-13	Name : Mandrake Security Advisory MDVSA-2009:260 (imagemagick) File : nvt/mdksa_2009_260.nasl
2009-10-11	Name : SLES11: Security update for ImageMagick File : nvt/sles11_libMagickCore1.nasl
2009-08-17	Name : Debian Security Advisory DSA 1858-1 (imagemagick) File : nvt/deb_1858_1.nasl
2009-07-06	Name : SuSE Security Summary SUSE-SR:2009:012 File : nvt/suse_sr_2009_012.nasl
2009-06-15	Name : Ubuntu USN-784-1 (imagemagick) File : nvt/ubuntu_784_1.nasl
2009-06-02	Name : ImageMagick Buffer Overflow Vulnerability (Linux) File : nvt/secpod_imagemagick_bof_vuln_lin.nasl
2009-06-02	Name : ImageMagick Buffer Overflow Vulnerability (Win) File : nvt/secpod_imagemagick_bof_vuln_win.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
54729	ImageMagick magick/xwindow.c XMakeImage() Function TIFF File Handling Overflow

Nessus® Vulnerability Scanner

Date	Description
2013-11-19	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201311-10.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0653.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0652.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100825_ImageMagick_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100825_ImageMagick_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ImageMagick-6284.nasl - Type : ACT_GATHER_INFO
2010-08-26	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0653.nasl - Type : ACT_GATHER_INFO
2010-08-26	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0653.nasl - Type : ACT_GATHER_INFO
2010-08-26	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0652.nasl - Type : ACT_GATHER_INFO
2010-08-26	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0652.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-0036.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-0001.nasl - Type : ACT_GATHER_INFO
2010-06-02	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201006-03.nasl - Type : ACT_GATHER_INFO
2010-02-25	Name : The remote Fedora host is missing a security update. File : fedora_2010-0295.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1903.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1858.nasl - Type : ACT_GATHER_INFO
2009-10-09	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-260.nasl - Type : ACT_GATHER_INFO
2009-10-09	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-261.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_ImageMagick-090604.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_GraphicsMagick-090609.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_ImageMagick-090604.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_GraphicsMagick-090609.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_ImageMagick-090604.nasl - Type : ACT_GATHER_INFO
2009-06-24	Name : The remote openSUSE host is missing a security update. File : suse_GraphicsMagick-6294.nasl - Type : ACT_GATHER_INFO
2009-06-24	Name : The remote openSUSE host is missing a security update. File : suse_ImageMagick-6287.nasl - Type : ACT_GATHER_INFO
2009-06-09	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-784-1.nasl - Type : ACT_GATHER_INFO
2009-05-29	Name : The remote Windows host contains an application that is affected by an intege... File : imagemagick_6_5_2_9.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:53:47	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	8
CPE ID(s)	1
osvdb(s)	1
Openvas Exploit(s)	17
Nessus® Exploit(s)	27

	Related
9.3	CVE-2009-1882
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)