Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian Security Advisory DSA 702-1 (imagemagick)

Information

Severity

Severity

High

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

16 years ago

Modified

Modified

6 years ago

Summary

The remote host is missing an update to imagemagick announced via advisory DSA 702-1.

Insight

Insight

Several vulnerabilities have been discovered in ImageMagick, a commonly used image manipulation library. These problems can be exploited by a carefully crafted graphic image. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-0397 Tavis Ormandy discovered a format string vulnerability in the filename handling code which allows a remote attacker to cause a denial of service and possibly execute arbitrary code. CVE-2005-0759 Andrei Nigmatulin discovered a denial of service condition which can be caused by an invalid tag in a TIFF image. CVE-2005-0760 Andrei Nigmatulin discovered that the TIFF decoder is vulnerable to accessing memory out of bounds which will result in a segmentation fault. CVE-2005-0762 Andrei Nigmatulin discovered a buffer overflow in the SGI parser which allows a remote attacker to execute arbitrary code via a specially crafted SGI image file. For the stable distribution (woody) these problems have been fixed in version 5.4.4.5-1woody6. For the unstable distribution (sid) these problems have been fixed in version 6.0.6.2-2.2. We recommend that you upgrade your imagemagick package.

Solution

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20702-1

Common Vulnerabilities and Exposures (CVE)