Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.64637
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1858-1 (imagemagick)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to imagemagick
announced via advisory DSA 1858-1.

Several vulnerabilities have been discovered in the imagemagick image
manipulation programs which can lead to the execution of arbitrary code,
exposure of sensitive information or cause DoS. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2007-1667

Multiple integer overflows in XInitImage function in xwd.c for
ImageMagick, allow user-assisted remote attackers to cause a denial of
service (crash) or obtain sensitive information via crafted images with
large or negative values that trigger a buffer overflow. It only affects
the oldstable distribution (etch).

CVE-2007-1797

Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted DCM image, or the colors or comments field in a
crafted XWD image. It only affects the oldstable distribution (etch).

CVE-2007-4985

A crafted image file can trigger an infinite loop in the ReadDCMImage
function or in the ReadXCFImage function. It only affects the oldstable
distribution (etch).

CVE-2007-4986

Multiple integer overflows allow context-dependent attackers to execute
arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file,
which triggers a heap-based buffer overflow. It only affects the
oldstable distribution (etch).

CVE-2007-4987

Off-by-one error allows context-dependent attackers to execute arbitrary
code via a crafted image file, which triggers the writing of a '\0'
character to an out-of-bounds address. It affects only the oldstable
distribution (etch).

CVE-2007-4988

A sign extension error allows context-dependent attackers to execute
arbitrary code via a crafted width value in an image file, which
triggers an integer overflow and a heap-based buffer overflow. It
affects only the oldstable distribution (etch).

CVE-2008-1096

The load_tile function in the XCF coder allows user-assisted remote
attackers to cause a denial of service or possibly execute arbitrary
code via a crafted .xcf file that triggers an out-of-bounds heap write.
It affects only to oldstable (etch).

CVE-2008-1097

Heap-based buffer overflow in the PCX coder allows user-assisted remote
attackers to cause a denial of service or possibly execute arbitrary
code via a crafted .pcx file that triggers incorrect memory allocation
for the scanline array, leading to memory corruption. It affects only to
oldstable (etch).

CVE-2009-1882

Integer overflow allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted TIFF file,
which triggers a buffer overflow.

For the old stable distribution (etch), these problems have been fixed in
version 7:6.2.4.5.dfsg1-0.15+etch1.

For the stable distribution (lenny), these problems have been fixed in
version 7:6.3.7.9.dfsg2-1~
lenny3.

For the upcoming stable distribution (squeeze) and the unstable
distribution (sid), these problems have been fixed in version
7:6.5.1.0-1.1.

We recommend that you upgrade your imagemagick packages.

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201858-1

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-1667
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
BugTraq ID: 23300
http://www.securityfocus.com/bid/23300
Bugtraq: 20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (Google Search)
http://www.securityfocus.com/archive/1/464686/100/0/threaded
Bugtraq: 20070405 FLEA-2007-0009-1: xorg-x11 freetype (Google Search)
http://www.securityfocus.com/archive/1/464816/100/0/threaded
Debian Security Information: DSA-1294 (Google Search)
http://www.debian.org/security/2007/dsa-1294
Debian Security Information: DSA-1858 (Google Search)
http://www.debian.org/security/2009/dsa-1858
http://security.gentoo.org/glsa/glsa-200705-06.xml
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
http://www.mandriva.com/security/advisories?name=MDKSA-2007:147
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
OpenBSD Security Advisory: [3.9] 021: SECURITY FIX: April 4, 2007
http://www.openbsd.org/errata39.html#021_xorg
OpenBSD Security Advisory: [4.0] 011: SECURITY FIX: April 4, 2007
http://www.openbsd.org/errata40.html#011_xorg
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1693
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9776
RedHat Security Advisories: RHSA-2007:0125
http://rhn.redhat.com/errata/RHSA-2007-0125.html
http://www.redhat.com/support/errata/RHSA-2007-0126.html
http://www.redhat.com/support/errata/RHSA-2007-0157.html
http://www.securitytracker.com/id?1017864
http://secunia.com/advisories/24739
http://secunia.com/advisories/24741
http://secunia.com/advisories/24745
http://secunia.com/advisories/24756
http://secunia.com/advisories/24758
http://secunia.com/advisories/24765
http://secunia.com/advisories/24771
http://secunia.com/advisories/24791
http://secunia.com/advisories/24953
http://secunia.com/advisories/24975
http://secunia.com/advisories/25004
http://secunia.com/advisories/25072
http://secunia.com/advisories/25112
http://secunia.com/advisories/25131
http://secunia.com/advisories/25305
http://secunia.com/advisories/25992
http://secunia.com/advisories/26177
http://secunia.com/advisories/30161
http://secunia.com/advisories/33937
http://secunia.com/advisories/36260
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102888-1
SuSE Security Announcement: SUSE-SA:2007:027 (Google Search)
http://www.novell.com/linux/security/advisories/2007_27_x.html
SuSE Security Announcement: SUSE-SR:2007:008 (Google Search)
http://www.novell.com/linux/security/advisories/2007_8_sr.html
http://www.ubuntu.com/usn/usn-453-1
http://www.ubuntu.com/usn/usn-453-2
http://www.ubuntu.com/usn/usn-481-1
http://www.vupen.com/english/advisories/2007/1217
http://www.vupen.com/english/advisories/2007/1531
Common Vulnerability Exposure (CVE) ID: CVE-2007-1797
BugTraq ID: 23252
http://www.securityfocus.com/bid/23252
BugTraq ID: 23347
http://www.securityfocus.com/bid/23347
http://security.gentoo.org/glsa/glsa-200705-13.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496
http://www.imagemagick.org/script/changelog.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9254
http://www.redhat.com/support/errata/RHSA-2008-0145.html
http://www.redhat.com/support/errata/RHSA-2008-0165.html
http://www.securitytracker.com/id?1017839
http://secunia.com/advisories/24721
http://secunia.com/advisories/25206
http://secunia.com/advisories/29786
http://secunia.com/advisories/29857
http://www.vupen.com/english/advisories/2007/1200
XForce ISS Database: imagemagick-readdcmimage-bo(33376)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33376
XForce ISS Database: imagemagick-readxwdimage-bo(33377)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33377
Common Vulnerability Exposure (CVE) ID: CVE-2007-4985
BugTraq ID: 25764
http://www.securityfocus.com/bid/25764
Bugtraq: 20071112 FLEA-2007-0066-1 ImageMagick (Google Search)
http://www.securityfocus.com/archive/1/483572/100/0/threaded
http://security.gentoo.org/glsa/glsa-200710-27.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=596
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:035
http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10869
http://www.securitytracker.com/id?1018729
http://secunia.com/advisories/26926
http://secunia.com/advisories/27048
http://secunia.com/advisories/27309
http://secunia.com/advisories/27364
http://secunia.com/advisories/27439
http://secunia.com/advisories/28721
SuSE Security Announcement: SUSE-SR:2007:023 (Google Search)
http://www.novell.com/linux/security/advisories/2007_23_sr.html
http://www.ubuntu.com/usn/usn-523-1
http://www.vupen.com/english/advisories/2007/3245
XForce ISS Database: imagemagick-readdcmimage-readxcfimage-dos(36740)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36740
Common Vulnerability Exposure (CVE) ID: CVE-2007-4986
BugTraq ID: 25763
http://www.securityfocus.com/bid/25763
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=594
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9963
http://secunia.com/advisories/35316
XForce ISS Database: imagemagick-multiplefunctions-bo(36738)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36738
Common Vulnerability Exposure (CVE) ID: CVE-2007-4987
BugTraq ID: 25766
http://www.securityfocus.com/bid/25766
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=595
XForce ISS Database: imagemagick-readblogstring-bo(36739)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36739
Common Vulnerability Exposure (CVE) ID: CVE-2007-4988
BugTraq ID: 25765
http://www.securityfocus.com/bid/25765
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=597
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9656
XForce ISS Database: imagemagick-readdibimage-bo(36737)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36737
Common Vulnerability Exposure (CVE) ID: CVE-2008-1096
BugTraq ID: 28821
http://www.securityfocus.com/bid/28821
http://www.mandriva.com/security/advisories?name=MDVSA-2008:099
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370
https://bugzilla.redhat.com/show_bug.cgi?id=286411
http://osvdb.org/43212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10843
http://www.securitytracker.com/id?1019880
http://secunia.com/advisories/30967
http://secunia.com/advisories/32945
SuSE Security Announcement: SUSE-SR:2008:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://www.ubuntu.com/usn/USN-681-1
XForce ISS Database: imagemagick-loadtile-code-execution(41194)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41194
Common Vulnerability Exposure (CVE) ID: CVE-2008-1097
BugTraq ID: 28822
http://www.securityfocus.com/bid/28822
http://security.gentoo.org/glsa/glsa-201311-10.xml
https://bugzilla.redhat.com/show_bug.cgi?id=285861
http://osvdb.org/43213
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11237
http://www.securitytracker.com/id?1019881
http://secunia.com/advisories/55721
XForce ISS Database: imagemagick-readpcximage-bo(41193)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41193
Common Vulnerability Exposure (CVE) ID: CVE-2009-1882
BugTraq ID: 35111
http://www.securityfocus.com/bid/35111
Bugtraq: 20101027 rPSA-2010-0074-1 ImageMagick (Google Search)
http://www.securityfocus.com/archive/1/514516/100/0/threaded
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033833.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033766.html
http://www.openwall.com/lists/oss-security/2009/06/08/1
http://osvdb.org/54729
http://secunia.com/advisories/35216
http://secunia.com/advisories/35382
http://secunia.com/advisories/35685
http://secunia.com/advisories/37959
SuSE Security Announcement: SUSE-SR:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
https://usn.ubuntu.com/784-1/
http://www.vupen.com/english/advisories/2009/1449
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.