Executive Summary
Summary | |
---|---|
Title | ImageMagick vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-132-1 | First vendor Publication | 2005-05-23 |
Vendor | Ubuntu | Last vendor Modification | 2005-05-23 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: libmagick6 The problem can be corrected by upgrading the affected package to version 5:6.0.2.5-1ubuntu1.5 (for Ubuntu 4.10), or 6:6.0.6.2-2.1ubuntu1.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Damian Put discovered a buffer overflow in the PNM image decoder. Processing a specially crafted PNM file with a small "colors" value resulted in a crash of the application that used the ImageMagick library. (CAN-2005-1275) Another Denial of Service vulnerability was found in the XWD decoder. Specially crafted invalid color masks resulted in an infinite loop which caused the application using the ImageMagick library to stop working and use all available CPU resources. (http://bugs.gentoo.org/show_bug.cgi?id=90423) |
Original Source
Url : http://www.ubuntu.com/usn/USN-132-1 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10003 | |||
Oval ID: | oval:org.mitre.oval:def:10003 | ||
Title: | Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value. | ||
Description: | Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1275 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11667 | |||
Oval ID: | oval:org.mitre.oval:def:11667 | ||
Title: | The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask. | ||
Description: | The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1739 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:711 | |||
Oval ID: | oval:org.mitre.oval:def:711 | ||
Title: | ImageMagick Buffer Overflow in ReadPNMImage() | ||
Description: | Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1275 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | ImageMagick |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:960 | |||
Oval ID: | oval:org.mitre.oval:def:960 | ||
Title: | Magick XWD Decoder DoS | ||
Description: | The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1739 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | ImageMagick |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200505-16 (ImageMagick) File : nvt/glsa_200505_16.nasl |
2008-09-04 | Name : FreeBSD Ports: ImageMagick File : nvt/freebsd_ImageMagick4.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
16775 | GraphicsMagick XWD Color Mask Decoding DoS |
16774 | ImageMagick XWD Color Mask Decoding DoS |
15891 | ImageMagick ReadPNMImage() PNM Image Decoding Overflow DoS ImageMagick contains a flaw that may allow a heap overflow triggering a denial of service. The issue is triggered due to a lack of bounds checking in the ReadPNMImage() function when decoding PNM images, and will result in loss of availability for the application. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-413.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-480.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-132-1.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_cd286cc5b76211d9bfb7000c6ec775d9.nasl - Type : ACT_GATHER_INFO |
2005-06-28 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-107.nasl - Type : ACT_GATHER_INFO |
2005-06-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-480.nasl - Type : ACT_GATHER_INFO |
2005-05-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200505-16.nasl - Type : ACT_GATHER_INFO |
2005-05-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-413.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:59:30 |
|
2013-05-11 12:25:02 |
|