Lucene search

UbuntuUSN-132-1

HistoryMay 23, 2005 - 12:00 a.m.

ImageMagick vulnerabilities

2005-05-2300:00:00

ubuntu.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.7 Medium

AI Score

Confidence

Low

0.028 Low

EPSS

Percentile

90.7%

JSON

Releases

Ubuntu 5.04
Ubuntu 4.10

Details

Damian Put discovered a buffer overflow in the PNM image decoder.
Processing a specially crafted PNM file with a small “colors” value
resulted in a crash of the application that used the ImageMagick
library. (CAN-2005-1275)

Another Denial of Service vulnerability was found in the XWD decoder.
Specially crafted invalid color masks resulted in an infinite loop
which caused the application using the ImageMagick library to stop
working and use all available CPU resources.
(<http://bugs.gentoo.org/show_bug.cgi?id=90423>)

OSVersionArchitecturePackageVersionFilename
Ubuntu5.04noarchlibmagick6< *UNKNOWN
Ubuntu4.10noarchlibmagick6< *UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	5.04	noarch	libmagick6	< *	UNKNOWN
Ubuntu	4.10	noarch	libmagick6	< *	UNKNOWN

References

ubuntu.com/security/CVE-2005-1275

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.7 Medium

AI Score

Confidence

Low

0.028 Low

EPSS

Percentile

90.7%

JSON

Related for USN-132-1