Buffer overflow : ImageMagick < 6.7.5-1 Integer Overflow Vulnerability (Jun 2013)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.803814

Categoría: Buffer overflow

Título: ImageMagick < 6.7.5-1 Integer Overflow Vulnerability (Jun 2013) - Windows

Resumen: ImageMagick is prone to an integer overflow vulnerability.

Descripción: Summary:
ImageMagick is prone to an integer overflow vulnerability.

Vulnerability Insight:
Integer overflow error occurs due to an improper sanitation of user supplied
input when computing the sum of 'number_bytes' and 'offset' in
magick/profile.c or magick/property.c with a specially crafted request.

Vulnerability Impact:
Successful exploitation will allow a context-dependent attacker to cause
denial of service condition or potentially execute arbitrary code.

Affected Software/OS:
ImageMagick version 6.7.5 and earlier on Windows.

Solution:
Upgrade to ImageMagick version 6.7.5-1 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-1185
47926
http://secunia.com/advisories/47926
48974
http://secunia.com/advisories/48974
49043
http://secunia.com/advisories/49043
49317
http://secunia.com/advisories/49317
51957
http://www.securityfocus.com/bid/51957
80556
http://www.osvdb.org/80556
DSA-2462
http://www.debian.org/security/2012/dsa-2462
USN-1435-1
http://ubuntu.com/usn/usn-1435-1
[oss-security] 20120319 CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248
http://www.openwall.com/lists/oss-security/2012/03/19/5
http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c
http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/property.c
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185
imagemagick-profile-code-execution(76140)
https://exchange.xforce.ibmcloud.com/vulnerabilities/76140
openSUSE-SU-2012:0692
http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.803814
Categoría:	Buffer overflow
Título:	ImageMagick < 6.7.5-1 Integer Overflow Vulnerability (Jun 2013) - Windows
Resumen:	ImageMagick is prone to an integer overflow vulnerability.
Descripción:	Summary: ImageMagick is prone to an integer overflow vulnerability. Vulnerability Insight: Integer overflow error occurs due to an improper sanitation of user supplied input when computing the sum of 'number_bytes' and 'offset' in magick/profile.c or magick/property.c with a specially crafted request. Vulnerability Impact: Successful exploitation will allow a context-dependent attacker to cause denial of service condition or potentially execute arbitrary code. Affected Software/OS: ImageMagick version 6.7.5 and earlier on Windows. Solution: Upgrade to ImageMagick version 6.7.5-1 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1185 47926 http://secunia.com/advisories/47926 48974 http://secunia.com/advisories/48974 49043 http://secunia.com/advisories/49043 49317 http://secunia.com/advisories/49317 51957 http://www.securityfocus.com/bid/51957 80556 http://www.osvdb.org/80556 DSA-2462 http://www.debian.org/security/2012/dsa-2462 USN-1435-1 http://ubuntu.com/usn/usn-1435-1 [oss-security] 20120319 CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248 http://www.openwall.com/lists/oss-security/2012/03/19/5 http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/property.c https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185 imagemagick-profile-code-execution(76140) https://exchange.xforce.ibmcloud.com/vulnerabilities/76140 openSUSE-SU-2012:0692 http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html
Copyright	Copyright (C) 2013 Greenbone AG