[SECURITY] [DSA 2427-1] imagemagick security update

ID DEBIAN:DSA-2427-1:217F0
Type debian
Reporter Debian
Modified 2012-03-06T19:13:37


Debian Security Advisory DSA-2427-1 security@debian.org http://www.debian.org/security/ Florian Weimer March 06, 2012 http://www.debian.org/security/faq

Package : imagemagick Vulnerability : several Problem type : local CVE ID : CVE-2012-0247 CVE-2012-0248

Two security vulnerabilities related to EXIF processing were discovered in ImageMagick, a suite of programs to manipulate images:

CVE-2012-0247 When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick writes two bytes to an invalid address.

CVE-2012-0248 Parsing a maliciously crafted image with an IFD whose all IOP tags value offsets point to the beginning of the IFD itself results in an endless loop and a denial of service.

For the stable distribution (squeeze), these problems have been fixed in version 8:

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 8:

We recommend that you upgrade your imagemagick packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org