Nessus Plugin #17673
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[DSA702] DSA-702-1 imagemagick
- Family:
- Debian Local Security Checks
- Category:
- infos
- Copyright:
- This script is (C) 2005 Michel Arboi
- Summary:
- DSA-702-1 imagemagick
- Version:
- $Revision: 1.1 $
- Cve_id:
- CAN-2005-0397, CAN-2005-0759, CAN-2005-0760, CAN-2005-0762
- Bugtraq_id:
- 12875
- Xrefs:
- DSA:702
- Description:
Several vulnerabilities have been discovered in ImageMagick, a
commonly used image manipulation library. These problems can be
exploited by a carefully crafted graphic image. The Common
Vulnerabilities and Exposures project identifies the following
problems:
Tavis Ormandy discovered a format string vulnerability in the
filename handling code which allows a remote attacker to cause a
denial of service and possibly execute arbitrary code.
Andrei Nigmatulin discovered a denial of service condition which
can be caused by an invalid tag in a TIFF image.
Andrei Nigmatulin discovered that the TIFF decoder is vulnerable
to accessing memory out of bounds which will result in a
segmentation fault.
Andrei Nigmatulin discovered a buffer overflow in the SGI parser
which allows a remote attacker to execute arbitrary code via a
specially crafted SGI image file.
For the stable distribution (woody) these problems have been fixed in
version 5.4.4.5-1woody6.
For the unstable distribution (sid) these problems have been fixed in
version 6.0.6.2-2.2.
We recommend that you upgrade your imagemagick package.
Solution : http://www.debian.org/security/2005/dsa-702
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.