[Pkg-gmagick-im-team] Bug#530838: [SA35216] ImageMagick "XMakeImage()" Integer Overflow Vulnerability
Giuseppe Iuculano
giuseppe at iuculano.it
Thu May 28 07:12:20 UTC 2009
Package: imagemagick
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
The following SA (Secunia Advisory) id was published for imagemagick:
SA35216[0]:
> DESCRIPTION:
> Tielei Wang has discovered a vulnerability in ImageMagick, which can
> be exploited by malicious people to potentially compromise a user's
> system.
>
> The vulnerability is caused due to an integer overflow error within
> the "XMakeImage()" function in magick/xwindow.c. This can be
> exploited to cause a buffer overflow via e.g. a specially crafted
> TIFF file.
>
> Successful exploitation may allow execution of arbitrary code.
>
> The vulnerability is confirmed in version 6.5.2-8. Prior versions may
> also be affected.
>
> SOLUTION:
> Update to version 6.5.2-9.
>
> PROVIDED AND/OR DISCOVERED BY:
> Tielei Wang, ICST-ERCIS (Engineering Research Center of Info
> Security, Institute of Computer Science and Technology, Peking
> University)
>
> ORIGINAL ADVISORY:
> ImageMagick:
> http://imagemagick.org/script/changelog.php
If you fix the vulnerability please also make sure to include the CVE id
(if will be available) in the changelog entry.
[0]http://secunia.com/advisories/35216/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkoeOU8ACgkQNxpp46476apsTACfeXUukW4HpJRAEzEv/EuPfOHZ
8sIAn2iR9jkY0FdIPJVJ6ewcY3UB853d
=yTEV
-----END PGP SIGNATURE-----
More information about the Pkg-gmagick-im-team
mailing list