
Test ID: 1.3.6.1.4.1.25623.1.0.65746
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-1903-1)
Summary: The remote host is missing an update for the Debian 'graphicsmagick' package(s) announced via the DSA-1903-1 advisory.
Description:

Vulnerability Insight:
Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tools, which can lead to the execution of arbitrary code, exposure of sensitive information or denial of service (DoS). The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-1667

Multiple integer overflows in the XInitImage function in xwd.c for GraphicsMagick allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch).

CVE-2007-1797

Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch).

CVE-2007-4985

A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch).

CVE-2007-4986

Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch).

CVE-2007-4988

A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch).

CVE-2008-1096

The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only oldstable (etch).

CVE-2008-3134

Multiple vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via vectors in the AVI, AVS, DCM, EPT, FITS, MTV, PALM, RLA, and TGA decoder readers, and the GetImageCharacteristics function in magick/image.c, as reachable from a crafted PNG, JPEG, BMP, or TIFF file.

CVE-2008-6070

Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image.

CVE-2008-6071

Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image.

CVE-2008-6072

Multiple vulnerabilities in GraphicsMagick allow remote attackers to cause a denial of service (crash) via vectors in XCF and CINEON images.

CVE-2008-6621

Vulnerability in GraphicsMagick allows remote ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'graphicsmagick' package(s) on Debian 4, Debian 5.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-1667
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
BugTraq ID: 23300
http://www.securityfocus.com/bid/23300
Bugtraq: 20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
http://www.securityfocus.com/archive/1/464686/100/0/threaded
Bugtraq: 20070405 FLEA-2007-0009-1: xorg-x11 freetype
http://www.securityfocus.com/archive/1/464816/100/0/threaded
Debian Security Information: DSA-1294
http://www.debian.org/security/2007/dsa-1294
Debian Security Information: DSA-1858
http://www.debian.org/security/2009/dsa-1858
http://security.gentoo.org/glsa/glsa-200705-06.xml
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
http://www.mandriva.com/security/advisories?name=MDKSA-2007:147
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
OpenBSD Security Advisory: [3.9] 021: SECURITY FIX: April 4, 2007
http://www.openbsd.org/errata39.html#021_xorg
OpenBSD Security Advisory: [4.0] 011: SECURITY FIX: April 4, 2007
http://www.openbsd.org/errata40.html#011_xorg
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1693
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9776
RedHat Security Advisories: RHSA-2007:0125
http://rhn.redhat.com/errata/RHSA-2007-0125.html
http://www.redhat.com/support/errata/RHSA-2007-0126.html
http://www.redhat.com/support/errata/RHSA-2007-0157.html
http://www.securitytracker.com/id?1017864
http://secunia.com/advisories/24739
http://secunia.com/advisories/24741
http://secunia.com/advisories/24745
http://secunia.com/advisories/24756
http://secunia.com/advisories/24758
http://secunia.com/advisories/24765
http://secunia.com/advisories/24771
http://secunia.com/advisories/24791
http://secunia.com/advisories/24953
http://secunia.com/advisories/24975
http://secunia.com/advisories/25004
http://secunia.com/advisories/25072
http://secunia.com/advisories/25112
http://secunia.com/advisories/25131
http://secunia.com/advisories/25305
http://secunia.com/advisories/25992
http://secunia.com/advisories/26177
http://secunia.com/advisories/30161
http://secunia.com/advisories/33937
http://secunia.com/advisories/36260
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102888-1
SuSE Security Announcement: SUSE-SA:2007:027
http://www.novell.com/linux/security/advisories/2007_27_x.html
SuSE Security Announcement: SUSE-SR:2007:008
http://www.novell.com/linux/security/advisories/2007_8_sr.html
http://www.ubuntu.com/usn/usn-453-1
http://www.ubuntu.com/usn/usn-453-2
http://www.ubuntu.com/usn/usn-481-1
http://www.vupen.com/english/advisories/2007/1217
http://www.vupen.com/english/advisories/2007/1531
Common Vulnerability Exposure (CVE) ID: CVE-2007-1797
BugTraq ID: 23252
http://www.securityfocus.com/bid/23252
BugTraq ID: 23347
http://www.securityfocus.com/bid/23347
http://security.gentoo.org/glsa/glsa-200705-13.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496
http://www.imagemagick.org/script/changelog.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9254
http://www.redhat.com/support/errata/RHSA-2008-0145.html
http://www.redhat.com/support/errata/RHSA-2008-0165.html
http://www.securitytracker.com/id?1017839
http://secunia.com/advisories/24721
http://secunia.com/advisories/25206
http://secunia.com/advisories/29786
http://secunia.com/advisories/29857
http://www.vupen.com/english/advisories/2007/1200
XForce ISS Database: imagemagick-readdcmimage-bo(33376)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33376
XForce ISS Database: imagemagick-readxwdimage-bo(33377)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33377
Common Vulnerability Exposure (CVE) ID: CVE-2007-4985
BugTraq ID: 25764
http://www.securityfocus.com/bid/25764
Bugtraq: 20071112 FLEA-2007-0066-1 ImageMagick
http://www.securityfocus.com/archive/1/483572/100/0/threaded
http://security.gentoo.org/glsa/glsa-200710-27.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=596
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:035
http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10869
http://www.securitytracker.com/id?1018729
http://secunia.com/advisories/26926
http://secunia.com/advisories/27048
http://secunia.com/advisories/27309
http://secunia.com/advisories/27364
http://secunia.com/advisories/27439
http://secunia.com/advisories/28721
SuSE Security Announcement: SUSE-SR:2007:023
http://www.novell.com/linux/security/advisories/2007_23_sr.html
http://www.ubuntu.com/usn/usn-523-1
http://www.vupen.com/english/advisories/2007/3245
XForce ISS Database: imagemagick-readdcmimage-readxcfimage-dos(36740)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36740
Common Vulnerability Exposure (CVE) ID: CVE-2007-4986
BugTraq ID: 25763
http://www.securityfocus.com/bid/25763
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=594
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9963
http://secunia.com/advisories/35316
XForce ISS Database: imagemagick-multiplefunctions-bo(36738)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36738
Common Vulnerability Exposure (CVE) ID: CVE-2007-4988
BugTraq ID: 25765
http://www.securityfocus.com/bid/25765
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=597
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9656
XForce ISS Database: imagemagick-readdibimage-bo(36737)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36737
Common Vulnerability Exposure (CVE) ID: CVE-2008-1096
BugTraq ID: 28821
http://www.securityfocus.com/bid/28821
http://www.mandriva.com/security/advisories?name=MDVSA-2008:099
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370
https://bugzilla.redhat.com/show_bug.cgi?id=286411
http://osvdb.org/43212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10843
http://www.securitytracker.com/id?1019880
http://secunia.com/advisories/30967
http://secunia.com/advisories/32945
SuSE Security Announcement: SUSE-SR:2008:014
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://www.ubuntu.com/usn/USN-681-1
XForce ISS Database: imagemagick-loadtile-code-execution(41194)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41194
Common Vulnerability Exposure (CVE) ID: CVE-2008-3134
BugTraq ID: 30055
http://www.securityfocus.com/bid/30055
http://www.securitytracker.com/id?1020413
http://secunia.com/advisories/30879
http://secunia.com/advisories/32151
SuSE Security Announcement: SUSE-SR:2008:020
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html
http://www.vupen.com/english/advisories/2008/1984/references
XForce ISS Database: graphicsmagick-getimagecharacteristics-dos(43513)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43513
XForce ISS Database: graphicsmagick-multiple-dos(43511)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43511
Common Vulnerability Exposure (CVE) ID: CVE-2008-6070
BugTraq ID: 29583
http://www.securityfocus.com/bid/29583
http://secunia.com/advisories/30549
XForce ISS Database: graphicsmagick-readpalmimage-bo(42904)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42904
Common Vulnerability Exposure (CVE) ID: CVE-2008-6071
XForce ISS Database: graphicsmagick-decodeimage-bo(42906)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42906
Common Vulnerability Exposure (CVE) ID: CVE-2008-6072
Common Vulnerability Exposure (CVE) ID: CVE-2008-6621
http://osvdb.org/46258
http://www.vupen.com/english/advisories/2008/1767
Common Vulnerability Exposure (CVE) ID: CVE-2009-1882
BugTraq ID: 35111
http://www.securityfocus.com/bid/35111
Bugtraq: 20101027 rPSA-2010-0074-1 ImageMagick
http://www.securityfocus.com/archive/1/514516/100/0/threaded
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033833.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033766.html
http://security.gentoo.org/glsa/glsa-201311-10.xml
http://www.openwall.com/lists/oss-security/2009/06/08/1
http://osvdb.org/54729
http://secunia.com/advisories/35216
http://secunia.com/advisories/35382
http://secunia.com/advisories/35685
http://secunia.com/advisories/37959
http://secunia.com/advisories/55721
SuSE Security Announcement: SUSE-SR:2009:012
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
https://usn.ubuntu.com/784-1/
http://www.vupen.com/english/advisories/2009/1449
Copyright: Copyright (C) 2009 Greenbone AG
