FS#6800 : Warning on imagemagick

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#6800 - Warning on imagemagick

Attached to Project: Arch Linux
Opened by DaNiMoTh (DaNiMoTh) - Tuesday, 03 April 2007, 19:37 GMT
Last edited by Tobias Powalowski (tpowa) - Sunday, 08 April 2007, 06:57 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Jan de Groot (JGC)
Architecture	i686
Severity	High
Priority	Normal
Reported Version	0.8 Voodoo
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

------------------------------------------------------------
Arch Linux Security Warning ALSW 2007-#23
------------------------------------------------------------

Name: imagemagick
Date: 2007-04-03
Severity: High
Warning #: 2007-#23

------------------------------------------------------------

Product Background
===================
ImageMagick is used as a suite of image manipulation tools (animate, composite, conjure, convert, display, identify, import, mogrify, and montage) which are sometimes used by other applications for processing image files. For more information about ImageMagick visit the following URL.

Problem Background
===================
Remote exploitation of several buffer overflow vulnerabilities in ImageMagick, allows attackers to execute arbitrary code with the credentials used for image processing.
An integer overflow exists ImageMagick's handling of DCM (Digital Imaging and Communications in Medicine) format files which allows an attacker to cause a heap-based buffer overflow. This vulnerability specifically exists in the ReadDCMImage() function.
Two integer overflows exists ImageMagick's handling of XWD (X Windows Dump) format files that allows an attacker to cause a heap-based buffer overflow. The vulnerabilities specifically exist in the ReadXWDImage() function. An integer overflow could occur when calculating the amount of memory to allocate for the 'colors' or 'comment' field.

Impact
=========
Exploitation of these vulnerabilities allows attackers to execute arbitrary code in the context of the user that started the affected program. Since the tools that are part of ImageMagick are sometimes used as helper tools by web applications, this user may be the same as the httpd user.

Problem Packages
===================
Package: imagemagick
Repo: current
Group: multimedia
Unsafe: See below
Safe: See below

iDefense has confirmed the existence of these vulnerabilities in ImageMagick version 6.3.x. Additionally, the source code for versions 6.3.1, 6.3.2, 6.3.3-3 and 6.2.9 contain the affected code. It is suspected that earlier versions of ImageMagick are also vulnerable.
The ImageMagick maintainers have addressed these vulnerabilities in version 6.3.3-5 of ImageMagick. I'm not sure that they release a 6.3.2-x version that fix these problems. I'll add a comment if I'm wrong.

Package Fix
===================
Upgrade to 6.3.3-5

===================

Unofficial ArchLinux Security Bug Tracker:
http://jjdanimoth.netsons.org/alsw.html

Reference(s)
===================
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496
https://issues.foresightlinux.org/browse/FL-222

This task depends upon

Closed by Tobias Powalowski (tpowa)
Sunday, 08 April 2007, 06:57 GMT
Reason for closing: Fixed

Comments (0)
Related Tasks (0/0)

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

Arch Linux

FS#6800 - Warning on imagemagick

Details

Loading...