oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request -- ImageMagick -- Integer overflow in XMakeImage()

From: Thomas Biege <thomas () suse de>
Date: Mon, 8 Jun 2009 10:26:56 +0200

This also affects GraphicsMagick.

On Sat, Jun 06, 2009 at 12:22:01PM -0400, Steven M. Christey wrote:


======================================================
Name: CVE-2009-1882
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1882
Reference: CONFIRM:http://imagemagick.org/script/changelog.php
Reference: CONFIRM:http://mirror1.smudge-it.co.uk/imagemagick/www/changelog.html
Reference: BID:35111
Reference: URL:http://www.securityfocus.com/bid/35111
Reference: OSVDB:54729
Reference: URL:http://osvdb.org/54729
Reference: SECUNIA:35216
Reference: URL:http://secunia.com/advisories/35216
Reference: VUPEN:ADV-2009-1449
Reference: URL:http://www.vupen.com/english/advisories/2009/1449

Integer overflow in the XMakeImage function in magick/xwindow.c in
ImageMagick 6.5.2-8 allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a crafted TIFF
file, which triggers a buffer overflow.  NOTE: some of these details
are obtained from third party information.



-- 
Bye,
     Thomas
-- 
 Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing
 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
-- 
           Hamming's Motto:
           The purpose of computing is insight, not numbers.
                                -- Richard W. Hamming
Previous By Date Next
Previous By Thread Next

Current thread: