ImageMagic multiple security vulnerabilities
Published:		24.09.2007
Source:		BUGTRAQ
SecurityVulns ID:		8178
Type:		library
Level:		6/10
Description:		Multiple vulnerabilities on BMP, DCM and another graphics formats parsing.

Affected:		IMAGEMAGIC : ImageMagic 6.3
CVE:		CVE-2007-4988 (Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.)
		CVE-2007-4987 (Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address.)
		CVE-2007-4986 (Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow.)
		CVE-2007-4985 (ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls.)

Original document		IDEFENSE, iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Multiple Integer Overflow Vulnerabilities (24.09.2007)
		IDEFENSE, iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Off-By-One Vulnerability (24.09.2007)
		IDEFENSE, iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Multiple Denial of Service Vulnerabilities (24.09.2007)
		IDEFENSE, iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Sign Extension Vulnerability (24.09.2007)

Discuss:

Read or add your comments to this news (0 comments)