
Test ID: 1.3.6.1.4.1.25623.1.0.60739
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2008:0145
Summary: Redhat Security Advisory RHSA-2008:0145
Description:
The remote host is missing updates announced in
advisory RHSA-2008:0145.

ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

Several heap-based buffer overflow flaws were found in ImageMagick. If a
victim opened a specially crafted DCM or XWD file, an attacker could
potentially execute arbitrary code on the victim's machine. (CVE-2007-1797)

Several denial of service flaws were found in ImageMagick's parsing of XCF
and DCM files. Attempting to process a specially-crafted input file in
these formats could cause ImageMagick to enter an infinite loop.
(CVE-2007-4985)

Several integer overflow flaws were found in ImageMagick. If a victim
opened a specially-crafted DCM, DIB, XBM, XCF or XWD file, an attacker
could potentially execute arbitrary code with the privileges of the user
running ImageMagick. (CVE-2007-4986)

An integer overflow flaw was found in ImageMagick's DIB parsing code. If a
victim opened a specially-crafted DIB file, an attacker could potentially
execute arbitrary code with the privileges of the user running ImageMagick.
(CVE-2007-4988)

A heap-based buffer overflow flaw was found in the way ImageMagick parsed
XCF files. If a specially-crafted XCF image was opened, ImageMagick could
be made to overwrite heap memory beyond the bounds of its allocated memory.
This could, potentially, allow an attacker to execute arbitrary code on the
machine running ImageMagick. (CVE-2008-1096)

A heap-based buffer overflow flaw was found in ImageMagick's processing of
certain malformed PCX images. If a victim opened a specially-crafted PCX
file, an attacker could possibly execute arbitrary code on the victim's
machine. (CVE-2008-1097)

All users of ImageMagick should upgrade to these updated packages, which
contain backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0145.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor: High

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-1797
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496
http://www.imagemagick.org/script/changelog.php
Debian Security Information: DSA-1858
http://www.debian.org/security/2009/dsa-1858
http://security.gentoo.org/glsa/glsa-200705-13.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:147
http://www.redhat.com/support/errata/RHSA-2008-0145.html
http://www.redhat.com/support/errata/RHSA-2008-0165.html
SuSE Security Announcement: SUSE-SR:2007:008
http://www.novell.com/linux/security/advisories/2007_8_sr.html
http://www.ubuntu.com/usn/usn-481-1
BugTraq ID: 23347
http://www.securityfocus.com/bid/23347
BugTraq ID: 23252
http://www.securityfocus.com/bid/23252
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9254
http://secunia.com/advisories/36260
http://www.vupen.com/english/advisories/2007/1200
http://www.securitytracker.com/id?1017839
http://secunia.com/advisories/24721
http://secunia.com/advisories/24739
http://secunia.com/advisories/25072
http://secunia.com/advisories/25206
http://secunia.com/advisories/25992
http://secunia.com/advisories/26177
http://secunia.com/advisories/29786
http://secunia.com/advisories/29857
XForce ISS Database: imagemagick-readdcmimage-bo(33376)
http://xforce.iss.net/xforce/xfdb/33376
XForce ISS Database: imagemagick-readxwdimage-bo(33377)
http://xforce.iss.net/xforce/xfdb/33377
Common Vulnerability Exposure (CVE) ID: CVE-2007-4985
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=596
Bugtraq: 20071112 FLEA-2007-0066-1 ImageMagick
http://www.securityfocus.com/archive/1/archive/1/483572/100/0/threaded
http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html
http://security.gentoo.org/glsa/glsa-200710-27.xml
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:035
SuSE Security Announcement: SUSE-SR:2007:023
http://www.novell.com/linux/security/advisories/2007_23_sr.html
http://www.ubuntu.com/usn/usn-523-1
BugTraq ID: 25764
http://www.securityfocus.com/bid/25764
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10869
http://www.vupen.com/english/advisories/2007/3245
http://www.securitytracker.com/id?1018729
http://secunia.com/advisories/26926
http://secunia.com/advisories/27048
http://secunia.com/advisories/27309
http://secunia.com/advisories/27364
http://secunia.com/advisories/27439
http://secunia.com/advisories/28721
XForce ISS Database: imagemagick-readdcmimage-readxcfimage-dos(36740)
http://xforce.iss.net/xforce/xfdb/36740
Common Vulnerability Exposure (CVE) ID: CVE-2007-4986
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=594
BugTraq ID: 25763
http://www.securityfocus.com/bid/25763
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9963
http://secunia.com/advisories/35316
XForce ISS Database: imagemagick-multiplefunctions-bo(36738)
http://xforce.iss.net/xforce/xfdb/36738
Common Vulnerability Exposure (CVE) ID: CVE-2007-4988
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=597
BugTraq ID: 25765
http://www.securityfocus.com/bid/25765
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9656
XForce ISS Database: imagemagick-readdibimage-bo(36737)
http://xforce.iss.net/xforce/xfdb/36737
Common Vulnerability Exposure (CVE) ID: CVE-2008-1096
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370
https://bugzilla.redhat.com/show_bug.cgi?id=286411
http://www.mandriva.com/security/advisories?name=MDVSA-2008:099
SuSE Security Announcement: SUSE-SR:2008:014
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://www.ubuntu.com/usn/USN-681-1
BugTraq ID: 28821
http://www.securityfocus.com/bid/28821
http://osvdb.org/43212
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10843
http://www.securitytracker.com/id?1019880
http://secunia.com/advisories/30967
http://secunia.com/advisories/32945
XForce ISS Database: imagemagick-loadtile-code-execution(41194)
http://xforce.iss.net/xforce/xfdb/41194
Common Vulnerability Exposure (CVE) ID: CVE-2008-1097
https://bugzilla.redhat.com/show_bug.cgi?id=285861
http://security.gentoo.org/glsa/glsa-201311-10.xml
BugTraq ID: 28822
http://www.securityfocus.com/bid/28822
http://osvdb.org/43213
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11237
http://www.securitytracker.com/id?1019881
http://secunia.com/advisories/55721
XForce ISS Database: imagemagick-readpcximage-bo(41193)
http://xforce.iss.net/xforce/xfdb/41193
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com