
Test ID: 1.3.6.1.4.1.25623.1.0.57336
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1168-1 (imagemagick)
Summary: NOSUMMARY
Description:
The remote host is missing an update to imagemagick
announced via advisory DSA 1168-1.

Several remote vulnerabilities have been discovered in ImageMagick, a
collection of image manipulation tools, which may lead to the execution
of arbitrary code. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2006-2440

Eero Häkkinen discovered that the display tool allocates insufficient
memory for globbing patterns, which might lead to a buffer overflow.

CVE-2006-3743

Tavis Ormandy from the Google Security Team discovered that the Sun
bitmap decoder performs insufficient input sanitising, which might
lead to buffer overflows and the execution of arbitrary code.

CVE-2006-3744

Tavis Ormandy from the Google Security Team discovered that the XCF
image decoder performs insufficient input sanitising, which might
lead to buffer overflows and the execution of arbitrary code.

For the stable distribution (sarge) these problems have been fixed in
version 6:6.0.6.2-2.7.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your imagemagick packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201168-1

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2006-2440
Debian Security Information: DSA-1168
http://www.debian.org/security/2006/dsa-1168
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9481
http://www.redhat.com/support/errata/RHSA-2007-0015.html
http://secunia.com/advisories/21719
http://secunia.com/advisories/24186
http://secunia.com/advisories/24284
SGI Security Advisory: 20070201-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
Common Vulnerability Exposure (CVE) ID: CVE-2006-3743
BugTraq ID: 19697
http://www.securityfocus.com/bid/19697
http://security.gentoo.org/glsa/glsa-200609-14.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:155
http://bugs.gentoo.org/show_bug.cgi?id=144854
http://www.osvdb.org/28205
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9895
http://www.redhat.com/support/errata/RHSA-2006-0633.html
http://securitytracker.com/id?1016749
http://secunia.com/advisories/21615
http://secunia.com/advisories/21621
http://secunia.com/advisories/21671
http://secunia.com/advisories/21679
http://secunia.com/advisories/21780
http://secunia.com/advisories/21832
http://secunia.com/advisories/22036
http://secunia.com/advisories/22096
SGI Security Advisory: 20060901-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
SuSE Security Announcement: SUSE-SA:2006:050
http://www.novell.com/linux/security/advisories/2006_50_imagemagick.html
http://www.ubuntu.com/usn/usn-340-1
http://www.vupen.com/english/advisories/2006/3375
XForce ISS Database: imagemagick-propuserunit-bo(28575)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28575
Common Vulnerability Exposure (CVE) ID: CVE-2006-3744
BugTraq ID: 19699
http://www.securityfocus.com/bid/19699
http://www.osvdb.org/28204
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11486
XForce ISS Database: imagemagick-rasterfile-bo(28574)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28574
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com
