CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.224 Low
EPSS Percentile: 96.5%

CentOS Errata and Security Advisory CESA-2008:0165-01

ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

Several heap-based buffer overflow flaws were found in ImageMagick. If a
victim opened a specially-crafted DCM or XWD file, an attacker could
potentially execute arbitrary code on the victim's machine. (CVE-2007-1797)

Several denial of service flaws were found in ImageMagick's parsing of XCF
and DCM files. Attempting to process a specially crafted input file in
these formats could cause ImageMagick to enter an infinite loop.
(CVE-2007-4985)

Several integer overflow flaws were found in ImageMagick. If a victim
opened a specially-crafted DCM, DIB, XBM, XCF or XWD file, an attacker
could potentially execute arbitrary code with the privileges of the user
running ImageMagick. (CVE-2007-4986)

A heap-based buffer overflow flaw was found in ImageMagick's processing of
certain malformed PCX images. If a victim opened a specially-crafted PCX
file, an attacker could possibly execute arbitrary code with the privileges
of the user running ImageMagick. (CVE-2008-1097)

All users of ImageMagick should upgrade to these updated packages, which
contain backported patches to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-April/076988.html

Affected packages:
ImageMagick
ImageMagick-c++
ImageMagick-c++-devel
ImageMagick-devel
ImageMagick-perl

OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | imagemagick | < 5.3.8-21.c2.1 | ImageMagick-5.3.8-21.c2.1.i386.rpm |
CentOS | 2 | i386 | imagemagick-c++ | < 5.3.8-21.c2.1 | ImageMagick-c++-5.3.8-21.c2.1.i386.rpm |
CentOS | 2 | i386 | imagemagick-c++-devel | < 5.3.8-21.c2.1 | ImageMagick-c++-devel-5.3.8-21.c2.1.i386.rpm |
CentOS | 2 | i386 | imagemagick-devel | < 5.3.8-21.c2.1 | ImageMagick-devel-5.3.8-21.c2.1.i386.rpm |
CentOS | 2 | i386 | imagemagick-perl | < 5.3.8-21.c2.1 | ImageMagick-perl-5.3.8-21.c2.1.i386.rpm |