(RHSA-2006:0178) ImageMagick security update

2006-02-14T05:00:00
ID RHSA-2006:0178
Type redhat
Reporter RedHat
Modified 2018-03-14T19:27:03

Description

ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats.

A shell command injection flaw was found in ImageMagick's "display" command. It is possible to execute arbitrary commands by tricking a user into running "display" on a file with a specially crafted name. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-4601 to this issue.

A format string flaw was discovered in the way ImageMagick handles filenames. It may be possible to execute arbitrary commands by tricking a user into running a carefully crafted ImageMagick command. (CVE-2006-0082)

Users of ImageMagick should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.