ImageMagick Multiple Denial of Service Vulnerabilities
BID:52898
Info
| Bugtraq ID: | 52898 |
| Class: | Unknown |
| CVE: | CVE-2012-0259, CVE-2012-0260, CVE-2012-1610, CVE-2012-1798 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 05 2012 12:00AM |
| Updated: | Apr 13 2015 09:48PM |
| Credit: | Aleksis Kauppinen, Joonas Kuorilehto, Tuomas Parttimaa of Codenomicon CROSS Project and Red Hat Security Response |
| Vulnerable: | Ubuntu Ubuntu Linux 13.10; Ubuntu Ubuntu Linux 12.10; Ubuntu Ubuntu Linux 12.04 LTS i386; Ubuntu Ubuntu Linux 12.04 LTS amd64; Ubuntu Ubuntu Linux 12.04 LTS; Ubuntu Ubuntu Linux 11.10 i386; Ubuntu Ubuntu Linux 11.10 amd64; Ubuntu Ubuntu Linux 11.04 powerpc; Ubuntu Ubuntu Linux 11.04 i386; Ubuntu Ubuntu Linux 11.04 ARM; Ubuntu Ubuntu Linux 11.04 amd64; Ubuntu Ubuntu Linux 10.04 sparc; Ubuntu Ubuntu Linux 10.04 powerpc; Ubuntu Ubuntu Linux 10.04 i386; Ubuntu Ubuntu Linux 10.04 ARM; Ubuntu Ubuntu Linux 10.04 amd64; Redhat Enterprise Linux Workstation Optional 6; Redhat Enterprise Linux Workstation 6; Redhat Enterprise Linux Server Optional 6; Redhat Enterprise Linux Server 6; Redhat Enterprise Linux HPC Node Optional 6; Redhat Enterprise Linux Desktop Workstation 5 client; Redhat Enterprise Linux Desktop Optional 6; Redhat Enterprise Linux Desktop 6; Redhat Enterprise Linux Desktop 5 client; Redhat Enterprise Linux 5 Server; Oracle Solaris 11.1; Oracle Enterprise Linux 6.2; Oracle Enterprise Linux 6; Oracle Enterprise Linux 5; Mandriva Linux Mandrake 2011 x86_64; Mandriva Linux Mandrake 2011; Mandriva Linux Mandrake 2010.1 x86_64; Mandriva Linux Mandrake 2010.1; MandrakeSoft Enterprise Server 5 x86_64; MandrakeSoft Enterprise Server 5; ImageMagick ImageMagick 6.7.6-2; Debian Linux 6.0 sparc; Debian Linux 6.0 s/390; Debian Linux 6.0 powerpc; Debian Linux 6.0 mips; Debian Linux 6.0 ia-64; Debian Linux 6.0 ia-32; Debian Linux 6.0 arm; Debian Linux 6.0 amd64 |
| Not Vulnerable: | Oracle Solaris 11.1.11.4.0; ImageMagick ImageMagick 6.7.6-4 |
Discussion
ImageMagick is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause an affected application to crash, denying service to legitimate users.
ImageMagick versions prior to 6.7.6-4 are vulnerable.
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
MandrakeSoft Enterprise Server 5 x86_64
- Mandriva imagemagick-6.4.2.10-5.3mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-desktop-6.4.2.10-5.3mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-doc-6.4.2.10-5.3mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64magick-devel-6.4.2.10-5.3mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64magick1-6.4.2.10-5.3mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva perl-Image-Magick-6.4.2.10-5.3mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
MandrakeSoft Enterprise Server 5
- Mandriva imagemagick-6.4.2.10-5.3mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-desktop-6.4.2.10-5.3mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-doc-6.4.2.10-5.3mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva libmagick-devel-6.4.2.10-5.3mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva libmagick1-6.4.2.10-5.3mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva perl-Image-Magick-6.4.2.10-5.3mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2010.1 x86_64
- Mandriva imagemagick-6.6.1.5-2.1mdv2010.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-desktop-6.6.1.5-2.1mdv2010.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-doc-6.6.1.5-2.1mdv2010.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64magick-devel-6.6.1.5-2.1mdv2010.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64magick3-6.6.1.5-2.1mdv2010.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva perl-Image-Magick-6.6.1.5-2.1mdv2010.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2010.1
- Mandriva imagemagick-6.6.1.5-2.1mdv2010.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-desktop-6.6.1.5-2.1mdv2010.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-doc-6.6.1.5-2.1mdv2010.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva libmagick-devel-6.6.1.5-2.1mdv2010.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva libmagick3-6.6.1.5-2.1mdv2010.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva perl-Image-Magick-6.6.1.5-2.1mdv2010.2.i586.rpm
  http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2011 x86_64
- Mandriva imagemagick-6.7.0.9-1.1-mdv2011.0.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-desktop-6.7.0.9-1.1-mdv2011.0.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-doc-6.7.0.9-1.1-mdv2011.0.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64magick-devel-6.7.0.9-1.1-mdv2011.0.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64magick4-6.7.0.9-1.1-mdv2011.0.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva perl-Image-Magick-6.7.0.9-1.1-mdv2011.0.x86_64.rpm
  http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2011
- Mandriva imagemagick-6.7.0.9-1.1-mdv2011.0.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-desktop-6.7.0.9-1.1-mdv2011.0.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva imagemagick-doc-6.7.0.9-1.1-mdv2011.0.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva libmagick-devel-6.7.0.9-1.1-mdv2011.0.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva libmagick4-6.7.0.9-1.1-mdv2011.0.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva perl-Image-Magick-6.7.0.9-1.1-mdv2011.0.i586.rpm
  http://www.mandriva.com/en/downloads/
References
References:
- Multiple vulnerabilities in ImageMagick (Oracle)
- CERT-FI Advisory on issues in ImageMagick (CERT-FI)
- CVE-2012-1610 assignment notification: ImageMagick insufficient patch for CVE-20 (Red Hat Security Response)
- ImageMagick Homepage (ImageMagick)
- ImageMagick Vulnerabilities (ImageMagick)
- USN-2132-1: ImageMagick vulnerabilities (Ubuntu)