Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.60739
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0145
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0145.

ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

Several heap-based buffer overflow flaws were found in ImageMagick. If a
victim opened a specially crafted DCM or XWD file, an attacker could
potentially execute arbitrary code on the victim's machine. (CVE-2007-1797)

Several denial of service flaws were found in ImageMagick's parsing of XCF
and DCM files. Attempting to process a specially-crafted input file in
these formats could cause ImageMagick to enter an infinite loop.
(CVE-2007-4985)

Several integer overflow flaws were found in ImageMagick. If a victim
opened a specially-crafted DCM, DIB, XBM, XCF or XWD file, an attacker
could potentially execute arbitrary code with the privileges of the user
running ImageMagick. (CVE-2007-4986)

An integer overflow flaw was found in ImageMagick's DIB parsing code. If a
victim opened a specially-crafted DIB file, an attacker could potentially
execute arbitrary code with the privileges of the user running ImageMagick.
(CVE-2007-4988)

A heap-based buffer overflow flaw was found in the way ImageMagick parsed
XCF files. If a specially-crafted XCF image was opened, ImageMagick could
be made to overwrite heap memory beyond the bounds of its allocated memory.
This could, potentially, allow an attacker to execute arbitrary code on the
machine running ImageMagick. (CVE-2008-1096)

A heap-based buffer overflow flaw was found in ImageMagick's processing of
certain malformed PCX images. If a victim opened a specially-crafted PCX
file, an attacker could possibly execute arbitrary code on the victim's
machine. (CVE-2008-1097)

All users of ImageMagick should upgrade to these updated packages, which
contain backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0145.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High

CVSS Score:
6.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-1797
BugTraq ID: 23252
http://www.securityfocus.com/bid/23252
BugTraq ID: 23347
http://www.securityfocus.com/bid/23347
Debian Security Information: DSA-1858 (Google Search)
http://www.debian.org/security/2009/dsa-1858
http://security.gentoo.org/glsa/glsa-200705-13.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496
http://www.mandriva.com/security/advisories?name=MDKSA-2007:147
http://www.imagemagick.org/script/changelog.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9254
http://www.redhat.com/support/errata/RHSA-2008-0145.html
http://www.redhat.com/support/errata/RHSA-2008-0165.html
http://www.securitytracker.com/id?1017839
http://secunia.com/advisories/24721
http://secunia.com/advisories/24739
http://secunia.com/advisories/25072
http://secunia.com/advisories/25206
http://secunia.com/advisories/25992
http://secunia.com/advisories/26177
http://secunia.com/advisories/29786
http://secunia.com/advisories/29857
http://secunia.com/advisories/36260
SuSE Security Announcement: SUSE-SR:2007:008 (Google Search)
http://www.novell.com/linux/security/advisories/2007_8_sr.html
http://www.ubuntu.com/usn/usn-481-1
http://www.vupen.com/english/advisories/2007/1200
XForce ISS Database: imagemagick-readdcmimage-bo(33376)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33376
XForce ISS Database: imagemagick-readxwdimage-bo(33377)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33377
Common Vulnerability Exposure (CVE) ID: CVE-2007-4985
BugTraq ID: 25764
http://www.securityfocus.com/bid/25764
Bugtraq: 20071112 FLEA-2007-0066-1 ImageMagick (Google Search)
http://www.securityfocus.com/archive/1/483572/100/0/threaded
http://security.gentoo.org/glsa/glsa-200710-27.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=596
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:035
http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10869
http://www.securitytracker.com/id?1018729
http://secunia.com/advisories/26926
http://secunia.com/advisories/27048
http://secunia.com/advisories/27309
http://secunia.com/advisories/27364
http://secunia.com/advisories/27439
http://secunia.com/advisories/28721
SuSE Security Announcement: SUSE-SR:2007:023 (Google Search)
http://www.novell.com/linux/security/advisories/2007_23_sr.html
http://www.ubuntu.com/usn/usn-523-1
http://www.vupen.com/english/advisories/2007/3245
XForce ISS Database: imagemagick-readdcmimage-readxcfimage-dos(36740)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36740
Common Vulnerability Exposure (CVE) ID: CVE-2007-4986
BugTraq ID: 25763
http://www.securityfocus.com/bid/25763
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=594
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9963
http://secunia.com/advisories/35316
XForce ISS Database: imagemagick-multiplefunctions-bo(36738)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36738
Common Vulnerability Exposure (CVE) ID: CVE-2007-4988
BugTraq ID: 25765
http://www.securityfocus.com/bid/25765
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=597
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9656
XForce ISS Database: imagemagick-readdibimage-bo(36737)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36737
Common Vulnerability Exposure (CVE) ID: CVE-2008-1096
BugTraq ID: 28821
http://www.securityfocus.com/bid/28821
http://www.mandriva.com/security/advisories?name=MDVSA-2008:099
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370
https://bugzilla.redhat.com/show_bug.cgi?id=286411
http://osvdb.org/43212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10843
http://www.securitytracker.com/id?1019880
http://secunia.com/advisories/30967
http://secunia.com/advisories/32945
SuSE Security Announcement: SUSE-SR:2008:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://www.ubuntu.com/usn/USN-681-1
XForce ISS Database: imagemagick-loadtile-code-execution(41194)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41194
Common Vulnerability Exposure (CVE) ID: CVE-2008-1097
BugTraq ID: 28822
http://www.securityfocus.com/bid/28822
http://security.gentoo.org/glsa/glsa-201311-10.xml
https://bugzilla.redhat.com/show_bug.cgi?id=285861
http://osvdb.org/43213
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11237
http://www.securitytracker.com/id?1019881
http://secunia.com/advisories/55721
XForce ISS Database: imagemagick-readpcximage-bo(41193)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41193
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.