Description: | Description: The remote host is missing an update to the system as announced in the referenced advisory.
The following packages are affected: ImageMagick ImageMagick-nox11
CVE-2004-0597 Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
CVE-2004-0598 The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.
CVE-2004-0599 Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image.
Solution: Update your system with the appropriate patches or software upgrades.
http://studio.imagemagick.org/pipermail/magick-users/2004-August/013218.html http://freshmeat.net/releases/169228 http://secunia.com/advisories/12236 http://www.freebsd.org/ports/portaudit/f9e3e60b-e650-11d8-9b0a-000347a4fa7d.html http://www.vuxml.org/freebsd/a713c0f9-ec54-11d8-9440-000347a4fa7d.html
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
|