[Pkg-gmagick-im-team] Bug#659339: imagemagick: Invalid validation DoS CVE-2012-0247/CVE-2012-02478
Henri Salo
henri at nerv.fi
Fri Feb 10 11:26:26 UTC 2012
Package: imagemagick
Version: 8:6.6.0.4-3
Severity: important
Tags: security
Concerning ImageMagick 6.7.5-0 and earlier:
CVE-2012-0247: When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick copies two bytes into an invalid address.
CVE-2012-0248: When parsing a maliciously crafted image with an IFD whose all IOP tags' value offsets point to the beginning of the IFD itself. As a result, ImageMagick parses the IFD structure indefinitely, causing a denial of service.
For more details please read: http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286
-- System Information:
Debian Release: 6.0.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages imagemagick depends on:
ii libbz2-1.0 1.0.5-6+squeeze1 high-quality block-sorting file co
ii libc6 2.11.3-2 Embedded GNU C Library: Shared lib
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.2-2.1+squeeze3 FreeType 2 font engine, shared lib
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgomp1 4.4.5-8 GCC OpenMP (GOMP) support library
ii libice6 2:1.0.6-2 X11 Inter-Client Exchange library
ii libjpeg62 6b1-1 The Independent JPEG Group's JPEG
ii liblcms1 1.18.dfsg-1.2+b3 Color management library
ii liblqr-1-0 0.4.1-1 converts plain array images into m
ii libltdl7 2.2.6b-2 A system independent dlopen wrappe
ii libmagickcore3 8:6.6.0.4-3 low-level image manipulation libra
ii libmagickwand3 8:6.6.0.4-3 image manipulation library
ii libsm6 2:1.1.1-1 X11 Session Management library
ii libtiff4 3.9.4-5+squeeze3 Tag Image File Format (TIFF) libra
ii libx11-6 2:1.3.3-4 X11 client-side library
ii libxext6 2:1.1.2-1 X11 miscellaneous extension librar
ii libxt6 1:1.0.7-1 X11 toolkit intrinsics library
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages imagemagick recommends:
ii ghostscript 8.71~dfsg2-9 The GPL Ghostscript PostScript/PDF
ii libmagickcore3-extra 8:6.6.0.4-3 low-level image manipulation libra
ii netpbm 2:10.0-12.2+b1 Graphics conversion tools between
ii ufraw-batch 0.16-3+b1 batch importer for raw camera imag
Versions of packages imagemagick suggests:
pn autotrace <none> (no description available)
pn cups-bsd | lpr <none> (no description available)
ii curl 7.21.0-2.1+squeeze1 Get a file from an HTTP, HTTPS or
pn enscript <none> (no description available)
pn ffmpeg <none> (no description available)
ii gimp 2.6.10-1+squeeze1 The GNU Image Manipulation Program
ii gnuplot 4.4.0-1.1 A command-line driven interactive
pn grads <none> (no description available)
ii groff-base 1.20.1-10 GNU troff text-formatting system (
pn hp2xx <none> (no description available)
pn html2ps <none> (no description available)
pn imagemagick-doc <none> (no description available)
pn libwmf-bin <none> (no description available)
ii mplayer 2:1.0~rc3++final.dfsg1-1 movie player for Unix-like systems
pn povray <none> (no description available)
pn radiance <none> (no description available)
ii sane-utils 1.0.21-9 API library for scanners -- utilit
ii texlive-binarie 2009-8 Binaries for TeX Live
ii transfig 1:3.2.5.c-1 Utilities for converting XFig figu
ii xdg-utils 1.0.2+cvs20100307-2 desktop integration utilities from
-- no debconf information
More information about the Pkg-gmagick-im-team
mailing list