From 27b002315306cf60030c187c797e20ca7fa98e4a Mon Sep 17 00:00:00 2001 From: "Simon L. B. Nielsen" Date: Thu, 3 Mar 2005 22:20:45 +0000 Subject: - Document ImageMagick -- format string vulnerability. - Fix typo on older tiff entry. --- security/vuxml/vuln.xml | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) (limited to 'security/vuxml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index befbe327b210..7056a1c5ef98 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,38 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> + + ImageMagick -- format string vulnerability + + + ImageMagick + 6.2.0.3 + + + + +

Tavis Ormandy reports:

+
magemagick-6.2.0-3 fixes an potential issue handling + malformed filenames, the flaw may affect webapps or + scripts that use the imagemagick utilities for image + processing, or applications linked with libMagick.
+

This vulnerability could crash ImageMagick or potentially + lead to the execution of arbitrary code with the permissions + of the user running ImageMagick.

+ + + + CAN-2005-0397 + http://www.ubuntulinux.org/support/documentation/usn/usn-90-1 + + + 2005-03-02 + 2005-03-03 + + + uim -- privilege escalation vulnerability @@ -3117,7 +3149,7 @@ http_access deny Gopher

Dmitry V. Levin found a potential integer overflow in the - tiffdump utility which could lead to execution of arbritrary + tiffdump utility which could lead to execution of arbitrary code. This could be exploited by tricking an user into executing tiffdump on a specially crafted tiff image.

-- cgit v1.2.3