RETIRED: ImageMagic Multiple Integer Overflow Vulnerabilities
BID:23252
Info
RETIRED: ImageMagic Multiple Integer Overflow Vulnerabilities
| Bugtraq ID: | 23252 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 02 2007 12:00AM |
| Updated: | May 10 2007 10:39PM |
| Credit: | The discoverer of these vulnerabilities wishes to remain anonymous |
| Vulnerable: |
rPath rPath Linux 1 ImageMagick ImageMagick 6.3.3-3 ImageMagick ImageMagick 6.3.2 ImageMagick ImageMagick 6.3.1 ImageMagick ImageMagick 6.2.9 Foresight Linux Foresight Linux 1.1 |
| Not Vulnerable: |
ImageMagick ImageMagick 6.3.3-5 |
Discussion
RETIRED: ImageMagic Multiple Integer Overflow Vulnerabilities
ImageMagic is prone to an integer-overflow vulnerability because it fails to properly validate user-supplied data.
An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.
NOTE: This record is a duplicate of BID 23347 (ImageMagick DCM XWD Formats Multiple Integer Overflow Vulnerabilities), and is therefore being retired.
ImageMagic is prone to an integer-overflow vulnerability because it fails to properly validate user-supplied data.
An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.
NOTE: This record is a duplicate of BID 23347 (ImageMagick DCM XWD Formats Multiple Integer Overflow Vulnerabilities), and is therefore being retired.
Exploit / POC
RETIRED: ImageMagic Multiple Integer Overflow Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
RETIRED: ImageMagic Multiple Integer Overflow Vulnerabilities
Solution:
The vendor released an update to address these issues. Please see the references for more information.
Solution:
The vendor released an update to address these issues. Please see the references for more information.
References
RETIRED: ImageMagic Multiple Integer Overflow Vulnerabilities
References:
References:
- iDefense Security Advisory 03.31.07: Multiple Vendor ImageMagick DCM and XWD Buf (iDefense)
- ImageMagick ChangeLog (ImageMagick)
- ImageMagick Homepage (ImageMagick)