ImageMagick Buffer Overflow and Denial of Service Vulnerabilities
BID:51957
Info
| Bugtraq ID: | 51957 |
| Class: | Unknown |
| CVE: | CVE-2012-0247 CVE-2012-0248 CVE-2012-1185 CVE-2012-1186 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 10 2012 12:00AM |
| Updated: | May 19 2014 05:54AM |
| Credit: | Mr Joonas Kuorilehto and Mr Aleksis Kauppinen |
| Vulnerable: |
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Ubuntu Ubuntu Linux 11.10 i386
Ubuntu Ubuntu Linux 11.10 amd64
Ubuntu Ubuntu Linux 11.04 powerpc
Ubuntu Ubuntu Linux 11.04 i386
Ubuntu Ubuntu Linux 11.04 ARM
Ubuntu Ubuntu Linux 11.04 amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
RedHat Enterprise Linux Desktop Workstation 5 client
Red Hat Enterprise Linux Workstation Optional 6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node Optional 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux 5 Server
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
Oracle Enterprise Linux 5
Mandriva Linux Mandrake 2011 x86_64
Mandriva Linux Mandrake 2011
Mandriva Linux Mandrake 2010.1 x86_64
Mandriva Linux Mandrake 2010.1
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
ImageMagick ImageMagick 6.4 -4
ImageMagick ImageMagick 6.3.4
ImageMagick ImageMagick 6.2.9
ImageMagick ImageMagick 6.2.8
ImageMagick ImageMagick 6.2.7
ImageMagick ImageMagick 6.2.6
ImageMagick ImageMagick 6.2.5
ImageMagick ImageMagick 6.2.4 .5
ImageMagick ImageMagick 6.2.4
ImageMagick ImageMagick 6.2.3
ImageMagick ImageMagick 6.2.2
ImageMagick ImageMagick 6.2.1
ImageMagick ImageMagick 6.2 .0.7
ImageMagick ImageMagick 6.2 .0.4
ImageMagick ImageMagick 6.2
ImageMagick ImageMagick 6.1.8
ImageMagick ImageMagick 6.1.7
ImageMagick ImageMagick 6.1.6
ImageMagick ImageMagick 6.1.5
ImageMagick ImageMagick 6.1.4
ImageMagick ImageMagick 6.1.3
ImageMagick ImageMagick 6.1.2
ImageMagick ImageMagick 6.1.1
ImageMagick ImageMagick 6.1
ImageMagick ImageMagick 6.0.8
ImageMagick ImageMagick 6.0.7
ImageMagick ImageMagick 6.0.6
ImageMagick ImageMagick 6.0.5
ImageMagick ImageMagick 6.0.4
ImageMagick ImageMagick 6.0.3
ImageMagick ImageMagick 6.0.2 .5
ImageMagick ImageMagick 6.0.2
ImageMagick ImageMagick 6.0.1
ImageMagick ImageMagick 6.0
ImageMagick ImageMagick 6.6.8-5
ImageMagick ImageMagick 6.6.5-5
ImageMagick ImageMagick 6.5.2-9
ImageMagick ImageMagick 6.5.2-8
ImageMagick ImageMagick 6.3.5-9
ImageMagick ImageMagick 6.3.5-10
ImageMagick ImageMagick 6.3.3-6
ImageMagick ImageMagick 6.3.3-5
ImageMagick ImageMagick 6.3.3-3
ImageMagick ImageMagick 6.3.2
ImageMagick ImageMagick 6.3.1
ImageMagick ImageMagick 6.2.9.2
ImageMagick ImageMagick 6.2.4.3
ImageMagick ImageMagick 6.2.3.4
ImageMagick ImageMagick 6.2.0.3
ImageMagick ImageMagick 6.0.6.2
ImageMagick ImageMagick 6.0.4.4
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64 |
| Not Vulnerable: |
ImageMagick ImageMagick 6.7.5-1 |
Discussion
ImageMagick is prone to a buffer-overflow vulnerability and a denial-of-service vulnerability.
Remote attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions.
ImageMagick versions prior to 6.7.5-1 are vulnerable.
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
UPDATE (Mar 19, 2012): Initial patches did not properly address these issues. Additional vendor updates are available.
Mandriva Linux Mandrake 2010.1 x86_64
- Mandriva imagemagick-6.6.1.5-2.1mdv2010.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-desktop-6.6.1.5-2.1mdv2010.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-doc-6.6.1.5-2.1mdv2010.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64magick-devel-6.6.1.5-2.1mdv2010.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64magick3-6.6.1.5-2.1mdv2010.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva perl-Image-Magick-6.6.1.5-2.1mdv2010.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/

MandrakeSoft Enterprise Server 5 x86_64
- Mandriva imagemagick-6.4.2.10-5.3mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-desktop-6.4.2.10-5.3mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-doc-6.4.2.10-5.3mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64magick-devel-6.4.2.10-5.3mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64magick1-6.4.2.10-5.3mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva perl-Image-Magick-6.4.2.10-5.3mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/

MandrakeSoft Enterprise Server 5
- Mandriva imagemagick-6.4.2.10-5.3mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-desktop-6.4.2.10-5.3mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-doc-6.4.2.10-5.3mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva libmagick-devel-6.4.2.10-5.3mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva libmagick1-6.4.2.10-5.3mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva perl-Image-Magick-6.4.2.10-5.3mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/

Mandriva Linux Mandrake 2010.1
- Mandriva imagemagick-6.6.1.5-2.1mdv2010.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-desktop-6.6.1.5-2.1mdv2010.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-doc-6.6.1.5-2.1mdv2010.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva libmagick-devel-6.6.1.5-2.1mdv2010.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva libmagick3-6.6.1.5-2.1mdv2010.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva perl-Image-Magick-6.6.1.5-2.1mdv2010.2.i586.rpm
  http://www.mandriva.com/en/downloads/
References
References:
- CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick f (Stefan Cornelius)
- ImageMagick Homepage (ImageMagick)
- ImageMagick Invalid Validation and Denial of Service (ImageMagick)