Test ID: 1.3.6.1.4.1.25623.1.0.64637
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1858-1 (imagemagick)
Summary: Debian Security Advisory DSA 1858-1 (imagemagick)
Description:
The remote host is missing an update to imagemagick
announced via advisory DSA 1858-1.

Several vulnerabilities have been discovered in the imagemagick image
manipulation programs which can lead to the execution of arbitrary code,
exposure of sensitive information or cause DoS. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2007-1667

Multiple integer overflows in XInitImage function in xwd.c for
ImageMagick, allow user-assisted remote attackers to cause a denial of
service (crash) or obtain sensitive information via crafted images with
large or negative values that trigger a buffer overflow. It only affects
the oldstable distribution (etch).

CVE-2007-1797

Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted DCM image, or the colors or comments field in a
crafted XWD image. It only affects the oldstable distribution (etch).

CVE-2007-4985

A crafted image file can trigger an infinite loop in the ReadDCMImage
function or in the ReadXCFImage function. It only affects the oldstable
distribution (etch).

CVE-2007-4986

Multiple integer overflows allow context-dependent attackers to execute
arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file,
which triggers a heap-based buffer overflow. It only affects the
oldstable distribution (etch).

CVE-2007-4987

Off-by-one error allows context-dependent attackers to execute arbitrary
code via a crafted image file, which triggers the writing of a '\0'
character to an out-of-bounds address. It affects only the oldstable
distribution (etch).

CVE-2007-4988

A sign extension error allows context-dependent attackers to execute
arbitrary code via a crafted width value in an image file, which
triggers an integer overflow and a heap-based buffer overflow. It
affects only the oldstable distribution (etch).

CVE-2008-1096

The load_tile function in the XCF coder allows user-assisted remote
attackers to cause a denial of service or possibly execute arbitrary
code via a crafted .xcf file that triggers an out-of-bounds heap write.
It affects only the oldstable distribution (etch).

CVE-2008-1097

Heap-based buffer overflow in the PCX coder allows user-assisted remote
attackers to cause a denial of service or possibly execute arbitrary
code via a crafted .pcx file that triggers incorrect memory allocation
for the scanline array, leading to memory corruption. It affects only
the oldstable distribution (etch).

CVE-2009-1882

Integer overflow allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted TIFF file,
which triggers a buffer overflow.

For the old stable distribution (etch), these problems have been fixed in
version 7:6.2.4.5.dfsg1-0.15+etch1.

For the stable distribution (lenny), these problems have been fixed in
version 7:6.3.7.9.dfsg2-1~lenny3.

For the upcoming stable distribution (squeeze) and the unstable
distribution (sid), these problems have been fixed in version
7:6.5.1.0-1.1.

We recommend that you upgrade your imagemagick packages.

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201858-1

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-1667
Bugtraq: 20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (Google Search)
http://www.securityfocus.com/archive/1/archive/1/464686/100/0/threaded
Bugtraq: 20070405 FLEA-2007-0009-1: xorg-x11 freetype (Google Search)
http://www.securityfocus.com/archive/1/archive/1/464816/100/0/threaded
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
Debian Security Information: DSA-1294 (Google Search)
http://www.debian.org/security/2007/dsa-1294
Debian Security Information: DSA-1858 (Google Search)
http://www.debian.org/security/2009/dsa-1858
http://security.gentoo.org/glsa/glsa-200705-06.xml
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
http://www.mandriva.com/security/advisories?name=MDKSA-2007:147
OpenBSD Security Advisory: [3.9] 021: SECURITY FIX: April 4, 2007
http://www.openbsd.org/errata39.html#021_xorg
OpenBSD Security Advisory: [4.0] 011: SECURITY FIX: April 4, 2007
http://www.openbsd.org/errata40.html#011_xorg
http://www.redhat.com/support/errata/RHSA-2007-0126.html
RedHat Security Advisories: RHSA-2007:0125
http://rhn.redhat.com/errata/RHSA-2007-0125.html
http://www.redhat.com/support/errata/RHSA-2007-0157.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102888-1
SuSE Security Announcement: SUSE-SA:2007:027 (Google Search)
http://www.novell.com/linux/security/advisories/2007_27_x.html
SuSE Security Announcement: SUSE-SR:2007:008 (Google Search)
http://www.novell.com/linux/security/advisories/2007_8_sr.html
http://www.ubuntu.com/usn/usn-453-1
http://www.ubuntu.com/usn/usn-453-2
http://www.ubuntu.com/usn/usn-481-1
BugTraq ID: 23300
http://www.securityfocus.com/bid/23300
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9776
http://secunia.com/advisories/36260
http://www.vupen.com/english/advisories/2007/1217
http://www.vupen.com/english/advisories/2007/1531
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1693
http://www.securitytracker.com/id?1017864
http://secunia.com/advisories/24741
http://secunia.com/advisories/24756
http://secunia.com/advisories/24745
http://secunia.com/advisories/24758
http://secunia.com/advisories/24765
http://secunia.com/advisories/24771
http://secunia.com/advisories/24791
http://secunia.com/advisories/24739
http://secunia.com/advisories/24953
http://secunia.com/advisories/25004
http://secunia.com/advisories/24975
http://secunia.com/advisories/25112
http://secunia.com/advisories/25072
http://secunia.com/advisories/25131
http://secunia.com/advisories/25305
http://secunia.com/advisories/25992
http://secunia.com/advisories/26177
http://secunia.com/advisories/30161
http://secunia.com/advisories/33937
Common Vulnerability Exposure (CVE) ID: CVE-2007-1797
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496
http://www.imagemagick.org/script/changelog.php
http://security.gentoo.org/glsa/glsa-200705-13.xml
http://www.redhat.com/support/errata/RHSA-2008-0145.html
http://www.redhat.com/support/errata/RHSA-2008-0165.html
BugTraq ID: 23347
http://www.securityfocus.com/bid/23347
BugTraq ID: 23252
http://www.securityfocus.com/bid/23252
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9254
http://www.vupen.com/english/advisories/2007/1200
http://www.securitytracker.com/id?1017839
http://secunia.com/advisories/24721
http://secunia.com/advisories/25206
http://secunia.com/advisories/29786
http://secunia.com/advisories/29857
XForce ISS Database: imagemagick-readdcmimage-bo(33376)
http://xforce.iss.net/xforce/xfdb/33376
XForce ISS Database: imagemagick-readxwdimage-bo(33377)
http://xforce.iss.net/xforce/xfdb/33377
Common Vulnerability Exposure (CVE) ID: CVE-2007-4985
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=596
Bugtraq: 20071112 FLEA-2007-0066-1 ImageMagick (Google Search)
http://www.securityfocus.com/archive/1/archive/1/483572/100/0/threaded
http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html
http://security.gentoo.org/glsa/glsa-200710-27.xml
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:035
SuSE Security Announcement: SUSE-SR:2007:023 (Google Search)
http://www.novell.com/linux/security/advisories/2007_23_sr.html
http://www.ubuntu.com/usn/usn-523-1
BugTraq ID: 25764
http://www.securityfocus.com/bid/25764
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10869
http://www.vupen.com/english/advisories/2007/3245
http://www.securitytracker.com/id?1018729
http://secunia.com/advisories/26926
http://secunia.com/advisories/27048
http://secunia.com/advisories/27309
http://secunia.com/advisories/27364
http://secunia.com/advisories/27439
http://secunia.com/advisories/28721
XForce ISS Database: imagemagick-readdcmimage-readxcfimage-dos(36740)
http://xforce.iss.net/xforce/xfdb/36740
Common Vulnerability Exposure (CVE) ID: CVE-2007-4986
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=594
BugTraq ID: 25763
http://www.securityfocus.com/bid/25763
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9963
http://secunia.com/advisories/35316
XForce ISS Database: imagemagick-multiplefunctions-bo(36738)
http://xforce.iss.net/xforce/xfdb/36738
Common Vulnerability Exposure (CVE) ID: CVE-2007-4987
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=595
BugTraq ID: 25766
http://www.securityfocus.com/bid/25766
XForce ISS Database: imagemagick-readblogstring-bo(36739)
http://xforce.iss.net/xforce/xfdb/36739
Common Vulnerability Exposure (CVE) ID: CVE-2007-4988
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=597
BugTraq ID: 25765
http://www.securityfocus.com/bid/25765
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9656
XForce ISS Database: imagemagick-readdibimage-bo(36737)
http://xforce.iss.net/xforce/xfdb/36737
Common Vulnerability Exposure (CVE) ID: CVE-2008-1096
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370
https://bugzilla.redhat.com/show_bug.cgi?id=286411
http://www.mandriva.com/security/advisories?name=MDVSA-2008:099
SuSE Security Announcement: SUSE-SR:2008:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://www.ubuntu.com/usn/USN-681-1
BugTraq ID: 28821
http://www.securityfocus.com/bid/28821
http://osvdb.org/43212
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10843
http://www.securitytracker.com/id?1019880
http://secunia.com/advisories/30967
http://secunia.com/advisories/32945
XForce ISS Database: imagemagick-loadtile-code-execution(41194)
http://xforce.iss.net/xforce/xfdb/41194
Common Vulnerability Exposure (CVE) ID: CVE-2008-1097
https://bugzilla.redhat.com/show_bug.cgi?id=285861
http://security.gentoo.org/glsa/glsa-201311-10.xml
BugTraq ID: 28822
http://www.securityfocus.com/bid/28822
http://osvdb.org/43213
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11237
http://www.securitytracker.com/id?1019881
http://secunia.com/advisories/55721
XForce ISS Database: imagemagick-readpcximage-bo(41193)
http://xforce.iss.net/xforce/xfdb/41193
Common Vulnerability Exposure (CVE) ID: CVE-2009-1882
Bugtraq: 20101027 rPSA-2010-0074-1 ImageMagick (Google Search)
http://www.securityfocus.com/archive/1/archive/1/514516/100/0/threaded
http://www.openwall.com/lists/oss-security/2009/06/08/1
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033833.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033766.html
SuSE Security Announcement: SUSE-SR:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://www.ubuntulinux.org/support/documentation/usn/usn-784-1
BugTraq ID: 35111
http://www.securityfocus.com/bid/35111
http://osvdb.org/54729
http://secunia.com/advisories/35216
http://secunia.com/advisories/35382
http://secunia.com/advisories/35685
http://secunia.com/advisories/37959
http://www.vupen.com/english/advisories/2009/1449
Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

© 1998-2016 E-Soft Inc. All rights reserved.