ImageMagick Multiple Vulnerabilities

Posted on Monday, September 24, 2007 @ 19:09:11 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA26926

VERIFY ADVISORY: http://secunia.com/advisories/26926/

CRITICAL: Highly critical

IMPACT: DoS, System access

WHERE: >From remote

SOFTWARE:
ImageMagick 6.x - http://secunia.com/product/3763/
ImageMagick 5.x - http://secunia.com/product/1791/

DESCRIPTION: Some vulnerabilities have been reported in ImageMagick, which can be exploited by malicious people to conduct DoS (Denial of Service) attacks or compromise a user's system.

1) Some integer overflow errors exist within the "AllocateImageColormap()", "ReadDCMImage()", "ReadDIBImage()", and "ReadXBMImage()" functions when processing image files. These can be exploited to cause heap-based buffer overflows via specially crafted image files.

2) An off-by-one error exists within the "ReadBlobString()" function in magick/blob.c when processing image files. This can be exploited to cause a one-byte buffer overflow via a specially crafted image file.

3) A sign extension error exists within the "ReadDIBImage()" function when processing image files. This can be exploited to cause a heap-based buffer overflow when processing specially crafted DIB files.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

4) Some errors within the "ReadDCMImage()" and "ReadXCFImage()" functions can be exploited to cause the execution of infinite loops via specially crafted DCM or XCF files.

The vulnerabilities are reported in versions prior to 6.3.5-9.
SOLUTION: Update to version 6.3.5-9. - http://www.imagemagick.org/script/download.php
PROVIDED AND/OR DISCOVERED BY: Discovered by regenrecht and reported via iDefense.
ORIGINAL ADVISORY: ImageMagick:
http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html
http://www.imagemagick.org/script/changelog.php

iDefense:
1) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=594
2) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=595
3) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=597
4) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=596
 
 
click Related        click Share
 
News ©

Site Info

Last SeenLast Seen
  • vashd1
  • neralex
Server TrafficServer Traffic
  • Total: 513,617,739
  • Today: 74,195
Server InfoServer Info
  • Apr 26, 2025
  • 02:08 pm CDT
 
 

Site Navigation