ImageMagick Multiple Unspecified Image Handling Heap-Based Memory Corruption Vulnerabilities

BID:13100

Info

ImageMagick Multiple Unspecified Image Handling Heap-Based Memory Corruption Vulnerabilities

Bugtraq ID: 13100
Class: Boundary Condition Error
CVE:
Remote: Yes
Local: No
Published: Apr 11 2005 12:00AM
Updated: Apr 11 2005 12:00AM
Credit: These issues were reported by Bruno Rohee.
Vulnerable: ImageMagick ImageMagick 6.2 .0.7
+ Redhat Fedora Core3
 + Redhat Fedora Core2
 ImageMagick ImageMagick 6.2 .0.4
+ Gentoo Linux
ImageMagick ImageMagick 6.2
ImageMagick ImageMagick 6.1.8
+ Gentoo Linux
ImageMagick ImageMagick 6.1.7
ImageMagick ImageMagick 6.1.6
ImageMagick ImageMagick 6.1.5
ImageMagick ImageMagick 6.1.4
ImageMagick ImageMagick 6.1.3
ImageMagick ImageMagick 6.1.2
ImageMagick ImageMagick 6.1.1
ImageMagick ImageMagick 6.1
ImageMagick ImageMagick 6.0.8
ImageMagick ImageMagick 6.0.7
+ Redhat Desktop 4.0
+ Redhat Enterprise Linux Desktop version 4
 + Redhat Enterprise Linux AS 4
 + Redhat Enterprise Linux ES 4
 + Redhat Enterprise Linux WS 4
 + S.u.S.E. Linux Personal 9.2 x86_64
 + S.u.S.E. Linux Personal 9.2
ImageMagick ImageMagick 6.0.6
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
 + Ubuntu Ubuntu Linux 5.0 4 i386
 + Ubuntu Ubuntu Linux 5.0 4 amd64
 ImageMagick ImageMagick 6.0.5
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
ImageMagick ImageMagick 6.0.4
+ Mandriva Linux Mandrake 10.1 x86_64
 + Mandriva Linux Mandrake 10.1
ImageMagick ImageMagick 6.0.3
ImageMagick ImageMagick 6.0.2 .5
+ Ubuntu Ubuntu Linux 4.1 ppc
 + Ubuntu Ubuntu Linux 4.1 ia64
 + Ubuntu Ubuntu Linux 4.1 ia32
 ImageMagick ImageMagick 6.0.2
+ Ubuntu Ubuntu Linux 4.1 ppc
 + Ubuntu Ubuntu Linux 4.1 ia64
 + Ubuntu Ubuntu Linux 4.1 ia32
 ImageMagick ImageMagick 6.0.1
ImageMagick ImageMagick 6.0
ImageMagick ImageMagick 5.5.7
+ Mandriva Linux Mandrake 10.0 AMD64
 + Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
 + Mandriva Linux Mandrake 9.2
+ S.u.S.E. Linux Personal 9.1 x86_64
 + S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
 + S.u.S.E. Linux Personal 9.0
ImageMagick ImageMagick 5.5.6 .0-20030409
+ OpenPKG OpenPKG Current
 ImageMagick ImageMagick 5.5.6
+ Redhat Desktop 3.0
+ Redhat Enterprise Linux AS 3
 + Redhat Enterprise Linux ES 3
 + Redhat Enterprise Linux WS 3
 ImageMagick ImageMagick 5.5.4
+ S.u.S.E. Linux Personal 8.2
ImageMagick ImageMagick 5.5.3 .2-1.2.0
+ OpenPKG OpenPKG 1.2
ImageMagick ImageMagick 5.4.8 .2-1.1.0
+ OpenPKG OpenPKG 1.1
ImageMagick ImageMagick 5.4.8
+ MandrakeSoft Corporate Server 2.1 x86_64
 + MandrakeSoft Corporate Server 2.1
ImageMagick ImageMagick 5.4.7
+ Turbolinux Turbolinux Server 8.0
ImageMagick ImageMagick 5.4.4 .5
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 + Debian Linux 3.0
ImageMagick ImageMagick 5.4.3
+ Turbolinux Turbolinux Workstation 8.0
ImageMagick ImageMagick 5.3.8
+ Redhat Enterprise Linux AS 2.1 IA64
 + Redhat Enterprise Linux AS 2.1
 + Redhat Enterprise Linux ES 2.1 IA64
 + Redhat Enterprise Linux ES 2.1
 + Redhat Enterprise Linux WS 2.1 IA64
 + Redhat Enterprise Linux WS 2.1
 ImageMagick ImageMagick 5.3.3
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 7.0
Not Vulnerable:

Discussion

ImageMagick Multiple Unspecified Image Handling Heap-Based Memory Corruption Vulnerabilities

ImageMagick is reported prone to multiple unspecified heap memory corruption vulnerabilities. It is reported that these issues are caused by a lack of sufficient sanity checks performed while allocating heap-based memory when the chunk size is derived from the image height, width and plane values.

It is reported that a malicious image may be used to trigger these issues.

A remote attacker may potentially exploit these vulnerabilities to crash affected software, or to potentially execute arbitrary code in the context of the user that is running the affected software, although this is not confirmed.

This BID will be updated and split into unique BIDs as soon as further information is available.

Exploit / POC

ImageMagick Multiple Unspecified Image Handling Heap-Based Memory Corruption Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

ImageMagick Multiple Unspecified Image Handling Heap-Based Memory Corruption Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

References

ImageMagick Multiple Unspecified Image Handling Heap-Based Memory Corruption Vulnerabilities

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report