GLSA Bodhisattva
Posted: Sat Nov 06, 2004 10:02 pm Post subject: [ GLSA 200411-11 ] ImageMagick: EXIF buffer overflow
Gentoo Linux Security Advisory
Title: ImageMagick: EXIF buffer overflow (GLSA 200411-11)
Severity: normal
Exploitable: remote
Date: November 06, 2004
Bug(s): #69825
ID: 200411-11
Synopsis
ImageMagick contains an error in boundary checks when handling EXIF
information, which could lead to arbitrary code execution.
Background
ImageMagick is a collection of tools to read, write and manipulate images
in many formats.
Affected Packages
Package: media-gfx/imagemagick
Vulnerable: < 6.1.3.2
Unaffected: >= 6.1.3.2
Architectures: All supported architectures
Description
ImageMagick fails to do proper bounds checking when handling image files
with EXIF information.
Impact
An attacker could use an image file with specially crafted EXIF information
to cause arbitrary code execution with the permissions of the user running
ImageMagick.
Workaround
There is no known workaround at this time.
Resolution
All ImageMagick users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.1.3.2"
References
CAN-2004-0981
ImageMagick ChangeLog
SA 12995
Last edited by GLSA on Sun Nov 23, 2014 4:18 am; edited 3 times in total
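An added example, not part of the advisory: a POSIX shell check that tests a bare media-gfx/imagemagick version string against the affected range given above (< 6.1.3.2). The function names are assumptions of this example; only a trailing Gentoo -rN revision is stripped, and any other suffix is reported as unparseable rather than guessed at.

```shell
#!/bin/sh
# Fixed version from the advisory ("Unaffected: >= 6.1.3.2").
FIXED_VERSION="6.1.3.2"

# normalize VERSION: drop a trailing Gentoo revision (-rN) and print the
# dotted numeric version; fail if anything non-numeric remains.
normalize() {
    v=${1%-r[0-9]*}
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    printf '%s\n' "$v"
}

# version_lt A B: succeed when dotted version A is older than B.
# Fields are compared numerically, left to right; a missing field counts
# as 0, so 6.1.3 sorts before 6.1.3.2 and 6.1.10 sorts after 6.1.3.2.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*} fb=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 1
    done
    return 1    # versions are equal
}

# is_vulnerable VERSION: exit 0 if VERSION is in the affected range,
# 1 if it is not, 2 if VERSION cannot be parsed.
is_vulnerable() {
    v=$(normalize "$1") || return 2
    version_lt "$v" "$FIXED_VERSION"
}

# Report on every version string given on the command line.
for ver in "$@"; do
    if is_vulnerable "$ver"; then
        echo "$ver: affected (< $FIXED_VERSION), upgrade required"
    elif [ $? -eq 2 ]; then
        echo "$ver: cannot parse version"
    else
        echo "$ver: not affected"
    fi
done
```

Pass it the installed version as reported by the package manager, for example `sh check.sh 6.1.3.1` (the script name is hypothetical).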