[Pkg-gmagick-im-team] Bug#530838: [SA35216] ImageMagick "XMakeImage()" Integer Overflow Vulnerability

Giuseppe Iuculano giuseppe at iuculano.it
Thu May 28 07:12:20 UTC 2009


Package: imagemagick
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,

The following SA (Secunia Advisory) id was published for imagemagick:

SA35216[0]:

> DESCRIPTION:
> Tielei Wang has discovered a vulnerability in ImageMagick, which can
> be exploited by malicious people to potentially compromise a user's
> system.
> 
> The vulnerability is caused due to an integer overflow error within
> the "XMakeImage()" function in magick/xwindow.c. This can be
> exploited to cause a buffer overflow via e.g. a specially crafted
> TIFF file.
> 
> Successful exploitation may allow execution of arbitrary code.
> 
> The vulnerability is confirmed in version 6.5.2-8. Prior versions may
> also be affected.
> 
> SOLUTION:
> Update to version 6.5.2-9.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Tielei Wang, ICST-ERCIS (Engineering Research Center of Info
> Security, Institute of Computer Science and Technology, Peking
> University)
> 
> ORIGINAL ADVISORY:
> ImageMagick:
> http://imagemagick.org/script/changelog.php


If you fix the vulnerability please also make sure to include the CVE id
(if will be available) in the changelog entry.


[0]http://secunia.com/advisories/35216/




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoeOU8ACgkQNxpp46476apsTACfeXUukW4HpJRAEzEv/EuPfOHZ
8sIAn2iR9jkY0FdIPJVJ6ewcY3UB853d
=yTEV
-----END PGP SIGNATURE-----





More information about the Pkg-gmagick-im-team mailing list