Lucene search

K
gentooGentoo FoundationGLSA-200501-26
HistoryJan 20, 2005 - 12:00 a.m.

ImageMagick: PSD decoding heap overflow

2005-01-2000:00:00
Gentoo Foundation
security.gentoo.org
23

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.108

Percentile

95.1%

Background

ImageMagick is a collection of tools to read, write and manipulate images in many formats.

Description

Andrei Nigmatulin discovered that a Photoshop Document (PSD) file with more than 24 layers could trigger a heap overflow.

Impact

An attacker could potentially design a mailicous PSD image file to cause arbitrary code execution with the permissions of the user running ImageMagick.

Workaround

There is no known workaround at this time.

Resolution

All ImageMagick users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.1.8.8"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-gfx/imagemagick< 6.1.8.8UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.108

Percentile

95.1%