oval:org.mitre.oval:def:7485

Definition Id: oval:org.mitre.oval:def:7485

Oval ID:	oval:org.mitre.oval:def:7485
Title:	DSA-1903 graphicsmagick -- several vulnerabilities
Description:	Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple integer overflows in XInitImage function in xwd.c for GraphicsMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch). A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch). Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch). A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch). The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only oldstable (etch). Multiple vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via vectors in the AVI, AVS, DCM, EPT, FITS, MTV, PALM, RLA, and TGA decoder readers; and the GetImageCharacteristics function in magick/image.c, as reachable from a crafted PNG, JPEG, BMP, or TIFF file. Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image. Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. Multiple vulnerabilities in GraphicsMagick allow remote attackers to cause a denial of service (crash) via vectors in XCF and CINEON images. Vulnerability in GraphicsMagick allows remote attackers to cause a denial of service (crash) via vectors in DPX images. Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
Family:	unix	Class:	patch
Reference(s):	DSA-1903 CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4988 CVE-2008-1096 CVE-2008-3134 CVE-2008-6070 CVE-2008-6071 CVE-2008-6072 CVE-2008-6621 CVE-2009-1882	Version:	3
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	graphicsmagick
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section graphicsmagick-libmagick-dev-compat is earlier than 1.1.11-3.2+lenny1 AND graphicsmagick-imagemagick-compat is earlier than 1.1.11-3.2+lenny1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libgraphics-magick-perl is earlier than 1.1.11-3.2+lenny1 AND libgraphicsmagick++1 is earlier than 1.1.11-3.2+lenny1 AND libgraphicsmagick1-dev is earlier than 1.1.11-3.2+lenny1 AND libgraphicsmagick1 is earlier than 1.1.11-3.2+lenny1 AND graphicsmagick-dbg is earlier than 1.1.11-3.2+lenny1 AND graphicsmagick is earlier than 1.1.11-3.2+lenny1 AND libgraphicsmagick++1-dev is earlier than 1.1.11-3.2+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section graphicsmagick-libmagick-dev-compat is earlier than 1.1.7-13+etch1 AND graphicsmagick-imagemagick-compat is earlier than 1.1.7-13+etch1 AND libgraphics-magick-perl is earlier than 1.1.7-13+etch1 AND libgraphicsmagick++1 is earlier than 1.1.7-13+etch1 AND libgraphicsmagick1-dev is earlier than 1.1.7-13+etch1 AND libgraphicsmagick1 is earlier than 1.1.7-13+etch1 AND graphicsmagick-dbg is earlier than 1.1.7-13+etch1 AND graphicsmagick is earlier than 1.1.7-13+etch1 AND libgraphicsmagick++1-dev is earlier than 1.1.7-13+etch1

Definition Id: oval:org.mitre.oval:def:6513

Oval ID:	oval:org.mitre.oval:def:6513
Title:	Debian GNU/Linux 5.0 is installed
Description:	Debian GNU/Linux 5.0 (lenny) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:5.0	Version:	7
Platform(s):	Debian GNU/Linux 5.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 5.0 is installed
Referenced By:
oval:org.mitre.oval:def:7485

Definition Id: oval:org.mitre.oval:def:6461

Oval ID:	oval:org.mitre.oval:def:6461
Title:	Debian GNU/Linux 4.0 is installed.
Description:	Debian GNU/Linux 4.0 (etch) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:4.0	Version:	9
Platform(s):	Debian GNU/Linux 4.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 4.0 is installed
Referenced By:
oval:org.mitre.oval:def:7485

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0340s

Facebook rss twitter linkedin mail