Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58030
Category:Turbolinux Local Security Tests
Title:Turbolinux TLSA-2007-5 (ImageMagick)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to ImageMagick
announced via advisory TLSA-2007-5.

ImageMagick(TM) is an image display and manipulation tool for the X Window System.
ImageMagick can read and write JPEG, TIFF, PNM, GIF and Photo CD image file formats.

Multiple buffer overflows in ImageMagick,user-assisted attackers to execute arbitrary
code via crafted XCF images.
Multiple integer overflows in ImageMagick, user-assisted attackers to execute arbitrary
code via crafted Sun Rasterfile (bitmap) images.
Integer overflow in the ReadSGIImage function.
Multiple buffer overflows in Imagemagick has unknown impact and user-assisted attack
vectors via a crafted SGI image.

These vulnerabilities may allow remote attackers to execute arbitrary code via a
malformed image or video file in AVI or BMP formats.

Solution: Please use the turbopkg (zabom) tool to apply the update.
http://www.securityspace.com/smysecure/catid.html?in=TLSA-2007-5

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-3743
BugTraq ID: 19697
http://www.securityfocus.com/bid/19697
Debian Security Information: DSA-1168 (Google Search)
http://www.debian.org/security/2006/dsa-1168
http://security.gentoo.org/glsa/glsa-200609-14.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:155
http://bugs.gentoo.org/show_bug.cgi?id=144854
http://www.osvdb.org/28205
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9895
http://www.redhat.com/support/errata/RHSA-2006-0633.html
http://securitytracker.com/id?1016749
http://secunia.com/advisories/21615
http://secunia.com/advisories/21621
http://secunia.com/advisories/21671
http://secunia.com/advisories/21679
http://secunia.com/advisories/21719
http://secunia.com/advisories/21780
http://secunia.com/advisories/21832
http://secunia.com/advisories/22036
http://secunia.com/advisories/22096
SGI Security Advisory: 20060901-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
SuSE Security Announcement: SUSE-SA:2006:050 (Google Search)
http://www.novell.com/linux/security/advisories/2006_50_imagemagick.html
http://www.ubuntu.com/usn/usn-340-1
http://www.vupen.com/english/advisories/2006/3375
XForce ISS Database: imagemagick-propuserunit-bo(28575)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28575
Common Vulnerability Exposure (CVE) ID: CVE-2006-4144
BugTraq ID: 19507
http://www.securityfocus.com/bid/19507
Bugtraq: 20060814 [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow (Google Search)
http://www.securityfocus.com/archive/1/443208/100/0/threaded
Bugtraq: 20060816 Re: [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow (Google Search)
http://www.securityfocus.com/archive/1/443362/100/0/threaded
Debian Security Information: DSA-1213 (Google Search)
http://www.debian.org/security/2006/dsa-1213
http://www.overflow.pl/adv/imsgiheap.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11129
http://securitytracker.com/id?1016699
http://secunia.com/advisories/21462
http://secunia.com/advisories/21525
http://secunia.com/advisories/22998
http://securityreason.com/securityalert/1385
http://www.ubuntu.com/usn/usn-337-1
XForce ISS Database: imagemagick-readsgiimage-bo(28372)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28372
Common Vulnerability Exposure (CVE) ID: CVE-2006-5456
BugTraq ID: 20707
http://www.securityfocus.com/bid/20707
Bugtraq: 20061127 rPSA-2006-0218-1 ImageMagick (Google Search)
http://www.securityfocus.com/archive/1/452718/100/100/threaded
Bugtraq: 20070208 rPSA-2007-0029-1 ImageMagick (Google Search)
http://www.securityfocus.com/archive/1/459507/100/0/threaded
http://security.gentoo.org/glsa/glsa-200611-07.xml
http://security.gentoo.org/glsa/glsa-200611-19.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:193
http://www.mandriva.com/security/advisories?name=MDKSA-2007:041
http://www.osvdb.org/29990
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9765
http://www.redhat.com/support/errata/RHSA-2007-0015.html
http://secunia.com/advisories/22569
http://secunia.com/advisories/22572
http://secunia.com/advisories/22601
http://secunia.com/advisories/22604
http://secunia.com/advisories/22819
http://secunia.com/advisories/22834
http://secunia.com/advisories/23090
http://secunia.com/advisories/23121
http://secunia.com/advisories/24186
http://secunia.com/advisories/24196
http://secunia.com/advisories/24284
http://secunia.com/advisories/24458
SGI Security Advisory: 20070201-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.352092
SuSE Security Announcement: SUSE-SA:2006:066 (Google Search)
http://www.novell.com/linux/security/advisories/2006_66_imagemagick.html
SuSE Security Announcement: SUSE-SR:2007:003 (Google Search)
http://www.novell.com/linux/security/advisories/2007_3_sr.html
http://www.ubuntu.com/usn/usn-372-1
http://www.ubuntu.com/usn/usn-422-1
http://www.vupen.com/english/advisories/2006/4170
http://www.vupen.com/english/advisories/2006/4171
XForce ISS Database: imagemagick-graphicsmagick-palm-bo(29816)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29816
Common Vulnerability Exposure (CVE) ID: CVE-2006-5868
BugTraq ID: 21185
http://www.securityfocus.com/bid/21185
http://www.mandriva.com/security/advisories?name=MDKSA-2006:223
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10612
http://secunia.com/advisories/23101
http://secunia.com/advisories/23219
http://www.ubuntu.com/usn/usn-386-1
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.