Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2004:636
HistoryDec 08, 2004 - 12:00 a.m.

(RHSA-2004:636) ImageMagick security update

2004-12-0800:00:00
access.redhat.com
7

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.089 Low

EPSS

Percentile

93.9%

JSON

ImageMagick™ is an image display and manipulation tool for the X Window
System.

A buffer overflow flaw was discovered in the ImageMagick image handler.
An attacker could create a carefully crafted image file with an improper
EXIF information in such a way that it would cause ImageMagick to execute
arbitrary code when processing the image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0981 to
this issue.

David Eisenstein has reported that our previous fix for CAN-2004-0827, a
heap overflow flaw, was incomplete. An attacker could create a carefully
crafted BMP file in such a way that it could cause ImageMagick to execute
arbitrary code when processing the image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0827 to
this issue.

Users of ImageMagick should upgrade to these updated packages, which
contain a backported patch, and is not vulnerable to this issue.

Related

nessus 14
debian 4
veracode 1
openvas 13
ubuntu 3
osv 2
freebsd 2
ubuntucve 2
cve 2
debiancve 2
redhat 2
gentoo 1
suse 1
nessus
nessus
RHEL 2.1 / 3 : ImageMagick (RHSA-2004:636)
2004-12-13 00:00:00
Mandrake Linux Security Advisory : ImageMagick (MDKSA-2004:143)
2004-12-07 00:00:00
Ubuntu 4.10 : imagemagick vulnerabilities (USN-35-1)
2006-01-15 00:00:00
debian
debian
[SECURITY] [DSA 547-1] New Imagemagic packages fix buffer overflows
2004-09-16 10:10:31
[SECURITY] [DSA 593-1] New imagemagick packages fix arbitrary code execution
2004-11-16 09:34:23
[SECURITY] [DSA 547-1] New Imagemagic packages fix buffer overflows
2004-09-16 10:10:31
veracode
veracode
Denial Of Service (DoS)
2023-07-26 12:55:09
openvas
openvas
FreeBSD Ports: ImageMagick, ImageMagick-nox11
2008-09-04 00:00:00
Debian Security Advisory DSA 547-1 (imagemagic)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200411-11 (imagemagick)
2008-09-24 00:00:00
ubuntu
ubuntu
imagemagick vulnerabilities
2004-12-01 00:00:00
XML library vulnerabilities
2004-10-30 00:00:00
imagemagick vulnerability
2004-10-27 00:00:00
osv
osv
imagemagick - buffer overflows
2004-09-16 00:00:00
imagemagick - buffer overflow
2004-11-16 00:00:00
freebsd
freebsd
ImageMagick -- BMP decoder buffer overflow
2004-08-25 00:00:00
ImageMagick -- EXIF parser buffer overflow
2004-10-25 00:00:00
ubuntucve
ubuntucve
CVE-2004-0827
2004-09-16 00:00:00
CVE-2004-0981
2005-02-09 00:00:00
cve
cve
CVE-2004-0827
2004-09-16 04:00:00
CVE-2004-0981
2005-02-09 05:00:00
debiancve
debiancve
CVE-2004-0827
2004-09-16 04:00:00
CVE-2004-0981
2005-02-09 05:00:00
redhat
redhat
(RHSA-2004:480) ImageMagick security update
2004-10-20 00:00:00
(RHSA-2004:494) ImageMagick security update
2004-10-20 00:00:00
gentoo
gentoo
ImageMagick: EXIF buffer overflow
2004-11-06 00:00:00
suse
suse
remote code execution in cups
2004-09-15 14:45:26

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.089 Low

EPSS

Percentile

93.9%

JSON
Related for RHSA-2004:636
nessus14debian4veracode1openvas13ubuntu3osv2freebsd2ubuntucve2cve2debiancve2redhat2gentoo1suse1