Imagemagick Image Index Array Remote Heap Buffer Overflow Vulnerability
BID:22692
Info
Imagemagick Image Index Array Remote Heap Buffer Overflow Vulnerability
| Bugtraq ID: | 22692 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-0440 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 02 2006 12:00AM |
| Updated: | Feb 23 2007 09:16PM |
| Credit: | Damian Put <[email protected]> discovered this vulnerability. |
| Vulnerable: |
Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Desktop 4.0 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 ImageMagick ImageMagick 6.2.8 ImageMagick ImageMagick 6.2.7 ImageMagick ImageMagick 6.2.6 ImageMagick ImageMagick 6.2.5 ImageMagick ImageMagick 6.2.4 .5 ImageMagick ImageMagick 6.2.4 ImageMagick ImageMagick 6.2.3 ImageMagick ImageMagick 6.2.2 ImageMagick ImageMagick 6.2.1 ImageMagick ImageMagick 6.2 .0.7 ImageMagick ImageMagick 6.2 .0.4 ImageMagick ImageMagick 6.2 ImageMagick ImageMagick 6.1.8 ImageMagick ImageMagick 6.1.7 ImageMagick ImageMagick 6.1.6 ImageMagick ImageMagick 6.1.5 ImageMagick ImageMagick 6.1.4 ImageMagick ImageMagick 6.1.3 ImageMagick ImageMagick 6.1.2 ImageMagick ImageMagick 6.1.1 ImageMagick ImageMagick 6.1 ImageMagick ImageMagick 6.0.8 ImageMagick ImageMagick 6.0.7 ImageMagick ImageMagick 6.0.6 ImageMagick ImageMagick 6.0.5 ImageMagick ImageMagick 6.0.4 ImageMagick ImageMagick 6.0.3 ImageMagick ImageMagick 6.0.2 .5 ImageMagick ImageMagick 6.0.2 ImageMagick ImageMagick 6.0.1 ImageMagick ImageMagick 6.0 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 |
| Not Vulnerable: |
ImageMagick ImageMagick 6.2.9 |
Discussion
Imagemagick Image Index Array Remote Heap Buffer Overflow Vulnerability
ImageMagick is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of applications that use the ImageMagick library.
ImageMagick is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of applications that use the ImageMagick library.
Exploit / POC
Imagemagick Image Index Array Remote Heap Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Imagemagick Image Index Array Remote Heap Buffer Overflow Vulnerability
Solution:
The vendor released an update to address this issue. Please see the references for more information.
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References
Imagemagick Image Index Array Remote Heap Buffer Overflow Vulnerability
References:
References:
- ImageMagick Homepage (ImageMagick)
- libmagick: array index overflow in DisplayImageCommand (Debian)
- RHSA-2007:0015-5 ImageMagick security update (Redhat)