oval:org.mitre.oval:def:13308

Definition Id: oval:org.mitre.oval:def:13308

Oval ID:	oval:org.mitre.oval:def:13308
Title:	DSA-1858-1 imagemagick -- multiple
Description:	Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution. CVE-2007-1797 Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution. CVE-2007-4985 A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution. CVE-2007-4986 Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution. CVE-2007-4987 Off-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a "\0" character to an out-of-bounds address. It affects only the oldstable distribution. CVE-2007-4988 A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution. CVE-2008-1096 The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only to oldstable. CVE-2008-1097 Heap-based buffer overflow in the PCX coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. It affects only to oldstable. CVE-2009-1882 Integer overflow allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. For the old stable distribution, these problems have been fixed in version 7:6.2.4.5.dfsg1-0.15+etch1. For the stable distribution, these problems have been fixed in version 7:6.3.7.9.dfsg2-1~lenny3. For the upcoming stable distribution and the unstable distribution, these problems have been fixed in version 7:6.5.1.0-1.1. We recommend that you upgrade your imagemagick packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1858-1 CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988 CVE-2008-1096 CVE-2008-1097 CVE-2009-1882	Version:	7
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	imagemagick
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Packages section imagemagick DPKG is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick9-dev DPKG is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND perlmagick DPKG is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick++9-dev DPKG is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick++10 DPKG is earlier than 7:6.3.7.9.dfsg2-1~lenny3 AND libmagick10 DPKG is earlier than 7:6.3.7.9.dfsg2-1~lenny3 OR Release section Debian GNU/Linux 4.0 is installed. AND Supported architectures section Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libmagick9 DPKG is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND imagemagick DPKG is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND libmagick9-dev DPKG is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND libmagick++9c2a DPKG is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND perlmagick DPKG is earlier than 7:6.2.4.5.dfsg1-0.15+etch1 AND libmagick++9-dev DPKG is earlier than 7:6.2.4.5.dfsg1-0.15+etch1

Definition Id: oval:org.mitre.oval:def:6513

Oval ID:	oval:org.mitre.oval:def:6513
Title:	Debian GNU/Linux 5.0 is installed
Description:	Debian GNU/Linux 5.0 (lenny) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:5.0	Version:	7
Platform(s):	Debian GNU/Linux 5.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 5.0 is installed
Referenced By:
oval:org.mitre.oval:def:13308

Definition Id: oval:org.mitre.oval:def:6461

Oval ID:	oval:org.mitre.oval:def:6461
Title:	Debian GNU/Linux 4.0 is installed.
Description:	Debian GNU/Linux 4.0 (etch) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:4.0	Version:	9
Platform(s):	Debian GNU/Linux 4.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 4.0 is installed
Referenced By:
oval:org.mitre.oval:def:13308

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0351s

Facebook rss twitter linkedin mail