Executive Summary
| Summary | |
|---|---|
| Title | imagemagick vulnerability |
| Informations | |||
|---|---|---|---|
| Name | USN-372-1 | First vendor Publication | 2006-11-01 |
| Vendor | Ubuntu | Last vendor Modification | 2006-11-01 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5.1 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: Ubuntu 5.10: Ubuntu 6.06 LTS: Ubuntu 6.10: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: M. Joonas Pihlaja discovered that ImageMagick did not sufficiently verify the validity of PALM and DCM images. When processing a specially crafted image with an application that uses imagemagick, this could be exploited to execute arbitrary code with the application's privileges. |
Original Source
| Url : http://www.ubuntu.com/usn/USN-372-1 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:9765 | |||
| Oval ID: | oval:org.mitre.oval:def:9765 | ||
| Title: | Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. | ||
| Description: | Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-5456 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-04-09 | Name : Mandriva Update for ImageMagick MDKSA-2007:041 (ImageMagick) File : nvt/gb_mandriva_MDKSA_2007_041.nasl |
| 2009-03-23 | Name : Ubuntu Update for imagemagick vulnerabilities USN-422-1 File : nvt/gb_ubuntu_USN_422_1.nasl |
| 2009-02-27 | Name : Fedora Update for GraphicsMagick FEDORA-2007-1340 File : nvt/gb_fedora_2007_1340_GraphicsMagick_fc7.nasl |
| 2009-02-27 | Name : Fedora Update for ImageMagick FEDORA-2007-414 File : nvt/gb_fedora_2007_414_ImageMagick_fc5.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200611-07 (graphicsmagick) File : nvt/glsa_200611_07.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200611-19 (imagemagick) File : nvt/glsa_200611_19.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1213-1 (imagemagick) File : nvt/deb_1213_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1260-1 (imagemagick) File : nvt/deb_1260_1.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2007-066-06 imagemagick File : nvt/esoft_slk_ssa_2007_066_06.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 29990 | ImageMagick ReadPALMImage Function Overflow A local buffer overflow exists in ImageMagick. The application fails to check boundary conditions in the 'ReadPALMImage()' function resulting in a heap overflow. With a specially crafted request, an attacker can cause a denial of service and possibly execution of arbitrary code, resulting in a loss of availability. In order to exploit this issue an attacker has to persuade the victim to open a malformed PALM image. |
| 29989 | ImageMagick coders/dcm.c Unspecified Overflow |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0015.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ImageMagick-2592.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ImageMagick-2239.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-422-1.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-372-1.nasl - Type : ACT_GATHER_INFO |
| 2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-1340.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_GraphicsMagick-2593.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_ImageMagick-2235.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_ImageMagick-2585.nasl - Type : ACT_GATHER_INFO |
| 2007-04-19 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-414.nasl - Type : ACT_GATHER_INFO |
| 2007-03-12 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-066-06.nasl - Type : ACT_GATHER_INFO |
| 2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-193.nasl - Type : ACT_GATHER_INFO |
| 2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-041.nasl - Type : ACT_GATHER_INFO |
| 2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_066.nasl - Type : ACT_GATHER_INFO |
| 2007-02-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0015.nasl - Type : ACT_GATHER_INFO |
| 2007-02-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0015.nasl - Type : ACT_GATHER_INFO |
| 2007-02-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1260.nasl - Type : ACT_GATHER_INFO |
| 2006-11-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200611-19.nasl - Type : ACT_GATHER_INFO |
| 2006-11-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200611-07.nasl - Type : ACT_GATHER_INFO |
| 2006-11-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1213.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 12:03:54 |
|
