(RHSA-2005:070) ImageMagick security update

2005-03-2300:00:00

access.redhat.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.136 Low

EPSS

Percentile

95.0%

JSON

ImageMagick is an image display and manipulation tool for the X Window
System.

Andrei Nigmatulin discovered a heap based buffer overflow flaw in the
ImageMagick image handler. An attacker could create a carefully crafted
Photoshop Document (PSD) image in such a way that it would cause
ImageMagick to execute arbitrary code when processing the image. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0005 to this issue.

A format string bug was found in the way ImageMagick handles filenames. An
attacker could execute arbitrary code on a victim’s machine if they were
able to trick the victim into opening a file with a specially crafted name.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0397 to this issue.

A bug was found in the way ImageMagick handles TIFF tags. It is possible
that a TIFF image file with an invalid tag could cause ImageMagick to
crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0759 to this issue.

A bug was found in ImageMagick’s TIFF decoder. It is possible that a
specially crafted TIFF image file could cause ImageMagick to crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0760 to this issue.

A bug was found in the way ImageMagick parses PSD files. It is possible
that a specially crafted PSD file could cause ImageMagick to crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0761 to this issue.

A heap overflow bug was found in ImageMagick’s SGI parser. It is possible
that an attacker could execute arbitrary code by tricking a user into
opening a specially crafted SGI image file. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0762 to
this issue.

Users of ImageMagick should upgrade to these updated packages, which
contain backported patches, and are not vulnerable to these issues.

OSVersionArchitecturePackageVersionFilename
RedHatanyi386imagemagick-perl< 5.5.6-13ImageMagick-perl-5.5.6-13.i386.rpm
RedHatanyi386imagemagick-c++< 5.3.8-10ImageMagick-c++-5.3.8-10.i386.rpm
RedHatanyi386imagemagick< 5.5.6-13ImageMagick-5.5.6-13.i386.rpm
RedHatanyppcimagemagick-c++< 5.5.6-13ImageMagick-c++-5.5.6-13.ppc.rpm
RedHatanyia64imagemagick< 5.5.6-13ImageMagick-5.5.6-13.ia64.rpm
RedHatanyx86_64imagemagick-c++-devel< 5.5.6-13ImageMagick-c++-devel-5.5.6-13.x86_64.rpm
RedHatanyia64imagemagick-devel< 5.5.6-13ImageMagick-devel-5.5.6-13.ia64.rpm
RedHatanyppcimagemagick-devel< 5.5.6-13ImageMagick-devel-5.5.6-13.ppc.rpm
RedHatanys390imagemagick-c++< 5.5.6-13ImageMagick-c++-5.5.6-13.s390.rpm
RedHatanyi386imagemagick-c++< 5.5.6-13ImageMagick-c++-5.5.6-13.i386.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	i386	imagemagick-perl	< 5.5.6-13	ImageMagick-perl-5.5.6-13.i386.rpm
RedHat	any	i386	imagemagick-c++	< 5.3.8-10	ImageMagick-c++-5.3.8-10.i386.rpm
RedHat	any	i386	imagemagick	< 5.5.6-13	ImageMagick-5.5.6-13.i386.rpm
RedHat	any	ppc	imagemagick-c++	< 5.5.6-13	ImageMagick-c++-5.5.6-13.ppc.rpm
RedHat	any	ia64	imagemagick	< 5.5.6-13	ImageMagick-5.5.6-13.ia64.rpm
RedHat	any	x86_64	imagemagick-c++-devel	< 5.5.6-13	ImageMagick-c++-devel-5.5.6-13.x86_64.rpm
RedHat	any	ia64	imagemagick-devel	< 5.5.6-13	ImageMagick-devel-5.5.6-13.ia64.rpm
RedHat	any	ppc	imagemagick-devel	< 5.5.6-13	ImageMagick-devel-5.5.6-13.ppc.rpm
RedHat	any	s390	imagemagick-c++	< 5.5.6-13	ImageMagick-c++-5.5.6-13.s390.rpm
RedHat	any	i386	imagemagick-c++	< 5.5.6-13	ImageMagick-c++-5.5.6-13.i386.rpm