Description:
The remote host is missing an update to ImageMagick announced via advisory MDKSA-2005:065.
A format string vulnerability was discovered in the way ImageMagick handles filenames. An attacker who could trick a victim into opening a file with a special name could execute arbitrary code on the victim's machine (CVE-2005-0397).
In addition, Andrei Nigmatulin discovered a heap-based buffer overflow in ImageMagick's image handler. An attacker could create a special PhotoShop Document (PSD) image file in such a way that it would cause ImageMagick to execute arbitrary code when processing the image (CVE-2005-0005).
Other vulnerabilities were discovered in ImageMagick versions prior to 6.0:
A bug in the way that ImageMagick handles TIFF tags was discovered. It was possible that a TIFF image with an invalid tag could cause ImageMagick to crash (CVE-2005-0759).
A bug in ImageMagick's TIFF decoder was discovered where a specially-crafted TIFF image could cause ImageMagick to crash (CVE-2005-0760).
A bug in ImageMagick's PSD parsing was discovered where a specially-crafted PSD file could cause ImageMagick to crash (CVE-2005-0761).
Finally, a heap overflow bug was discovered in ImageMagick's SGI parser. If an attacker could trick a user into opening a specially-crafted SGI image file, ImageMagick would execute arbitrary code (CVE-2005-0762).
The updated packages have been patched to correct these issues.
Affected versions: 10.0, 10.1, Corporate 3.0, Corporate Server 2.1
Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:065
Risk factor: High
CVSS Score: 7.5