GLSA Bodhisattva
Joined: 25 Feb 2003 Posts: 3829 Location: Essen, Germany
Posted: Sun Mar 06, 2005 2:09 pm Post subject: [ GLSA 200503-11 ] ImageMagick: Filename handling vulnerabil
Gentoo Linux Security Advisory
Title: ImageMagick: Filename handling vulnerability (GLSA 200503-11)
Severity: normal
Exploitable: remote
Date: March 06, 2005
Updated: May 22, 2006
Bug(s): #83542
ID: 200503-11
Synopsis
A format string vulnerability exists in ImageMagick that may allow an attacker to execute arbitrary code.
Background
ImageMagick is a collection of tools and libraries for manipulating a wide variety of image formats.
Affected Packages
Package: media-gfx/imagemagick
Vulnerable: < 6.2.0.4
Unaffected: >= 6.2.0.4
Architectures: All supported architectures
Description
Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a flaw in the handling of filenames by the ImageMagick utilities.
Impact
Successful exploitation may disrupt web applications that depend on ImageMagick for image processing, potentially executing arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All ImageMagick users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.0.4"
References
CVE-2005-0397
Last edited by GLSA on Sun Jul 30, 2006 4:17 am; edited 6 times in total
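Added example (not part of the advisory or of Gentoo's tooling): a POSIX shell helper that classifies ImageMagick version strings against the range given under Affected Packages, for checking an inventory of hosts. The function names and the sample versions are constructed for illustration; only plain dotted versions with an optional -rN revision are handled, and anything else is reported as unknown.

```shell
#!/bin/sh
# Classify media-gfx/imagemagick versions against GLSA 200503-11:
#   vulnerable: < 6.2.0.4    unaffected: >= 6.2.0.4
FIXED="6.2.0.4"

# ver_lt A B: succeed if dotted numeric version A is strictly lower than B.
# Missing components count as 0, so "6.2" compares as "6.2.0.0".
ver_lt() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; x=${x:-0}
        y=${b%%.*}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        # Drop the component just compared from each side.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# classify VERSION: print vulnerable, unaffected or unknown.
classify() {
    ver=${1%-r[0-9]*}          # drop a revision suffix such as -r1
    case $ver in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # suffixes like _rc1: do not guess
    esac
    if ver_lt "$ver" "$FIXED"; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# Constructed sample inventory; replace with the versions found on your hosts.
for sample in 5.5.7.15 6.2.0.3-r1 6.2.0.4 6.2.1.0 6.2.1_rc1; do
    printf '%s\t%s\n' "$sample" "$(classify "$sample")"
done
```

Versions reported as unknown need a manual comparison against 6.2.0.4.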