Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.60740
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0165
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0165.

ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

Several heap-based buffer overflow flaws were found in ImageMagick. If a
victim opened a specially-crafted DCM or XWD file, an attacker could
potentially execute arbitrary code on the victim's machine. (CVE-2007-1797)

Several denial of service flaws were found in ImageMagick's parsing of XCF
and DCM files. Attempting to process a specially crafted input file in
these formats could cause ImageMagick to enter an infinite loop.
(CVE-2007-4985)

Several integer overflow flaws were found in ImageMagick. If a victim
opened a specially-crafted DCM, DIB, XBM, XCF or XWD file, an attacker
could potentially execute arbitrary code with the privileges of the user
running ImageMagick. (CVE-2007-4986)

A heap-based buffer overflow flaw was found in ImageMagick's processing of
certain malformed PCX images. If a victim opened a specially-crafted PCX
file, an attacker could possibly execute arbitrary code with the privileges
of the user running ImageMagick.. (CVE-2008-1097)

All users of ImageMagick should upgrade to these updated packages, which
contain backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0165.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High

CVSS Score:
6.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-1797
BugTraq ID: 23252
http://www.securityfocus.com/bid/23252
BugTraq ID: 23347
http://www.securityfocus.com/bid/23347
Debian Security Information: DSA-1858 (Google Search)
http://www.debian.org/security/2009/dsa-1858
http://security.gentoo.org/glsa/glsa-200705-13.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496
http://www.mandriva.com/security/advisories?name=MDKSA-2007:147
http://www.imagemagick.org/script/changelog.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9254
http://www.redhat.com/support/errata/RHSA-2008-0145.html
http://www.redhat.com/support/errata/RHSA-2008-0165.html
http://www.securitytracker.com/id?1017839
http://secunia.com/advisories/24721
http://secunia.com/advisories/24739
http://secunia.com/advisories/25072
http://secunia.com/advisories/25206
http://secunia.com/advisories/25992
http://secunia.com/advisories/26177
http://secunia.com/advisories/29786
http://secunia.com/advisories/29857
http://secunia.com/advisories/36260
SuSE Security Announcement: SUSE-SR:2007:008 (Google Search)
http://www.novell.com/linux/security/advisories/2007_8_sr.html
http://www.ubuntu.com/usn/usn-481-1
http://www.vupen.com/english/advisories/2007/1200
XForce ISS Database: imagemagick-readdcmimage-bo(33376)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33376
XForce ISS Database: imagemagick-readxwdimage-bo(33377)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33377
Common Vulnerability Exposure (CVE) ID: CVE-2007-4985
BugTraq ID: 25764
http://www.securityfocus.com/bid/25764
Bugtraq: 20071112 FLEA-2007-0066-1 ImageMagick (Google Search)
http://www.securityfocus.com/archive/1/483572/100/0/threaded
http://security.gentoo.org/glsa/glsa-200710-27.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=596
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:035
http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10869
http://www.securitytracker.com/id?1018729
http://secunia.com/advisories/26926
http://secunia.com/advisories/27048
http://secunia.com/advisories/27309
http://secunia.com/advisories/27364
http://secunia.com/advisories/27439
http://secunia.com/advisories/28721
SuSE Security Announcement: SUSE-SR:2007:023 (Google Search)
http://www.novell.com/linux/security/advisories/2007_23_sr.html
http://www.ubuntu.com/usn/usn-523-1
http://www.vupen.com/english/advisories/2007/3245
XForce ISS Database: imagemagick-readdcmimage-readxcfimage-dos(36740)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36740
Common Vulnerability Exposure (CVE) ID: CVE-2007-4986
BugTraq ID: 25763
http://www.securityfocus.com/bid/25763
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=594
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9963
http://secunia.com/advisories/35316
XForce ISS Database: imagemagick-multiplefunctions-bo(36738)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36738
Common Vulnerability Exposure (CVE) ID: CVE-2008-1097
BugTraq ID: 28822
http://www.securityfocus.com/bid/28822
http://security.gentoo.org/glsa/glsa-201311-10.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:099
https://bugzilla.redhat.com/show_bug.cgi?id=285861
http://osvdb.org/43213
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11237
http://www.securitytracker.com/id?1019881
http://secunia.com/advisories/30967
http://secunia.com/advisories/55721
SuSE Security Announcement: SUSE-SR:2008:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
XForce ISS Database: imagemagick-readpcximage-bo(41193)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41193
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.