Executive Summary
Summary | |
---|---|
Title | ImageMagick vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-422-1 | First vendor Publication | 2007-02-15 |
Vendor | Ubuntu | Last vendor Modification | 2007-02-15 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
Ubuntu 6.06 LTS:
Ubuntu 6.10:

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Vladimir Nadvornik discovered that the fix for CVE-2006-5456, released in USN-372-1, did not correctly solve the original flaw in PALM image handling. By tricking a user into processing a specially crafted image with an application that uses imagemagick, an attacker could execute arbitrary code with the user's privileges.
Original Source
Url : http://www.ubuntu.com/usn/USN-422-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9765 | |||
Oval ID: | oval:org.mitre.oval:def:9765 | ||
Title: | Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. | ||
Description: | Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-5456 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2009-04-09 | Name : Mandriva Update for ImageMagick MDKSA-2007:041 (ImageMagick) File : nvt/gb_mandriva_MDKSA_2007_041.nasl |
2009-03-23 | Name : Ubuntu Update for imagemagick vulnerabilities USN-422-1 File : nvt/gb_ubuntu_USN_422_1.nasl |
2009-02-27 | Name : Fedora Update for GraphicsMagick FEDORA-2007-1340 File : nvt/gb_fedora_2007_1340_GraphicsMagick_fc7.nasl |
2009-02-27 | Name : Fedora Update for ImageMagick FEDORA-2007-414 File : nvt/gb_fedora_2007_414_ImageMagick_fc5.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200611-07 (graphicsmagick) File : nvt/glsa_200611_07.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200611-19 (imagemagick) File : nvt/glsa_200611_19.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1213-1 (imagemagick) File : nvt/deb_1213_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1260-1 (imagemagick) File : nvt/deb_1260_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-066-06 imagemagick File : nvt/esoft_slk_ssa_2007_066_06.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
31911 | ImageMagick coders/palm.c ReadPALMImage Overflow: ImageMagick contains a boundary error within the 'ReadPALMImage()' function in coders/palm.c that may allow a malicious user to cause a Denial of Service and possibly execute arbitrary code. In order to exploit this issue an attacker has to persuade the victim to open a malformed PALM image. |
29990 | ImageMagick ReadPALMImage Function Overflow: A local buffer overflow exists in ImageMagick. The application fails to check boundary conditions in the 'ReadPALMImage()' function resulting in a heap overflow. With a specially crafted request, an attacker can cause a denial of service and possibly execution of arbitrary code, resulting in a loss of availability. In order to exploit this issue an attacker has to persuade the victim to open a malformed PALM image. |
29989 | ImageMagick coders/dcm.c Unspecified Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0015.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ImageMagick-2592.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ImageMagick-2239.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-422-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-372-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-1340.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_GraphicsMagick-2593.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_ImageMagick-2235.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_ImageMagick-2585.nasl - Type : ACT_GATHER_INFO |
2007-04-19 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-414.nasl - Type : ACT_GATHER_INFO |
2007-03-12 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-066-06.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-193.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-041.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_066.nasl - Type : ACT_GATHER_INFO |
2007-02-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0015.nasl - Type : ACT_GATHER_INFO |
2007-02-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0015.nasl - Type : ACT_GATHER_INFO |
2007-02-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1260.nasl - Type : ACT_GATHER_INFO |
2006-11-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200611-19.nasl - Type : ACT_GATHER_INFO |
2006-11-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200611-07.nasl - Type : ACT_GATHER_INFO |
2006-11-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1213.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:04:10 | |
2013-05-11 12:25:47 | |