ImageMagick security update

CentOS Errata and Security Advisory CESA-2008:0165-01

ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

Several heap-based buffer overflow flaws were found in ImageMagick. If a
victim opened a specially-crafted DCM or XWD file, an attacker could
potentially execute arbitrary code on the victim’s machine. (CVE-2007-1797)

Several denial of service flaws were found in ImageMagick’s parsing of XCF
and DCM files. Attempting to process a specially crafted input file in
these formats could cause ImageMagick to enter an infinite loop.
(CVE-2007-4985)

Several integer overflow flaws were found in ImageMagick. If a victim
opened a specially-crafted DCM, DIB, XBM, XCF or XWD file, an attacker
could potentially execute arbitrary code with the privileges of the user
running ImageMagick. (CVE-2007-4986)

A heap-based buffer overflow flaw was found in ImageMagick’s processing of
certain malformed PCX images. If a victim opened a specially-crafted PCX
file, an attacker could possibly execute arbitrary code with the privileges
of the user running ImageMagick… (CVE-2008-1097)

All users of ImageMagick should upgrade to these updated packages, which
contain backported patches to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-April/076988.html

Affected packages:
ImageMagick
ImageMagick-c++
ImageMagick-c+±devel
ImageMagick-devel
ImageMagick-perl