
Test ID:
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 702-1 (imagemagick)
The remote host is missing an update to imagemagick
announced via advisory DSA 702-1.

Several vulnerabilities have been discovered in ImageMagick, a
commonly used image manipulation library. These problems can be
exploited by a carefully crafted graphic image. The Common
Vulnerabilities and Exposures project identifies the following


Tavis Ormandy discovered a format string vulnerability in the
filename handling code which allows a remote attacker to cause a
denial of service and possibly execute arbitrary code.


Andrei Nigmatulin discovered a denial of service condition which
can be caused by an invalid tag in a TIFF image.


Andrei Nigmatulin discovered that the TIFF decoder is vulnerable
to accessing memory out of bounds which will result in a
segmentation fault.


Andrei Nigmatulin discovered a buffer overflow in the SGI parser
which allows a remote attacker to execute arbitrary code via a
specially crafted SGI image file.

For the stable distribution (woody) these problems have been fixed in

For the unstable distribution (sid) these problems have been fixed in

We recommend that you upgrade your imagemagick package.


CVSS Score:

CVSS Vector:

Cross-Ref: BugTraq ID: 12875
Common Vulnerability Exposure (CVE) ID: CVE-2005-0397
Bugtraq: 20050303 [USN-90-1] Imagemagick vulnerability
Debian Security Information: DSA-702
RedHat Security Advisories: RHSA-2005:070
SuSE Security Announcement: SUSE-SA:2005:017
XForce ISS Database: imagemagick-filename-format-string(19586)
Common Vulnerability Exposure (CVE) ID: CVE-2005-0759
Common Vulnerability Exposure (CVE) ID: CVE-2005-0760
Common Vulnerability Exposure (CVE) ID: CVE-2005-0762
Copyright: Copyright (c) 2005 E-Soft Inc.


© 1998-2022 E-Soft Inc. All rights reserved.