ID CVE-2005-0005
Summary Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
Vulnerable Configurations
  • GraphicsMagick 1.0
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.0
  • GraphicsMagick 1.0.6
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.0.6
  • GraphicsMagick 1.1
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.1
  • GraphicsMagick 1.1.3
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.3
  • GraphicsMagick 1.1.4
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.4
  • ImageMagick 5.3.3
    cpe:2.3:a:imagemagick:imagemagick:5.3.3
  • ImageMagick 5.4.3
    cpe:2.3:a:imagemagick:imagemagick:5.4.3
  • ImageMagick 5.4.7
    cpe:2.3:a:imagemagick:imagemagick:5.4.7
  • ImageMagick 6.0
    cpe:2.3:a:imagemagick:imagemagick:6.0
  • ImageMagick 6.0.1
    cpe:2.3:a:imagemagick:imagemagick:6.0.1
  • ImageMagick 6.0.2
    cpe:2.3:a:imagemagick:imagemagick:6.0.2
  • ImageMagick 6.0.2.5
    cpe:2.3:a:imagemagick:imagemagick:6.0.2.5
  • ImageMagick 6.0.3
    cpe:2.3:a:imagemagick:imagemagick:6.0.3
  • ImageMagick 6.0.4
    cpe:2.3:a:imagemagick:imagemagick:6.0.4
  • ImageMagick 6.0.5
    cpe:2.3:a:imagemagick:imagemagick:6.0.5
  • ImageMagick 6.0.6
    cpe:2.3:a:imagemagick:imagemagick:6.0.6
  • ImageMagick 6.0.7
    cpe:2.3:a:imagemagick:imagemagick:6.0.7
  • ImageMagick 6.0.8
    cpe:2.3:a:imagemagick:imagemagick:6.0.8
  • ImageMagick 6.1
    cpe:2.3:a:imagemagick:imagemagick:6.1
  • ImageMagick 6.1.1.6
    cpe:2.3:a:imagemagick:imagemagick:6.1.1.6
  • ImageMagick 6.1.2
    cpe:2.3:a:imagemagick:imagemagick:6.1.2
  • ImageMagick 6.1.3
    cpe:2.3:a:imagemagick:imagemagick:6.1.3
  • ImageMagick 6.1.4
    cpe:2.3:a:imagemagick:imagemagick:6.1.4
  • ImageMagick 6.1.5
    cpe:2.3:a:imagemagick:imagemagick:6.1.5
  • ImageMagick 6.1.6
    cpe:2.3:a:imagemagick:imagemagick:6.1.6
  • ImageMagick 6.1.7
    cpe:2.3:a:imagemagick:imagemagick:6.1.7
  • ImageMagick 6.2
    cpe:2.3:a:imagemagick:imagemagick:6.2
  • ImageMagick 6.2.0.4
    cpe:2.3:a:imagemagick:imagemagick:6.2.0.4
  • ImageMagick 6.2.0.7
    cpe:2.3:a:imagemagick:imagemagick:6.2.0.7
  • SGI ProPack 3.0
    cpe:2.3:a:sgi:propack:3.0
  • cpe:2.3:o:debian:debian_linux:3.0:-:alpha
  • cpe:2.3:o:debian:debian_linux:3.0:-:arm
  • cpe:2.3:o:debian:debian_linux:3.0:-:hppa
  • cpe:2.3:o:debian:debian_linux:3.0:-:ia-32
  • cpe:2.3:o:debian:debian_linux:3.0:-:ia-64
  • cpe:2.3:o:debian:debian_linux:3.0:-:m68k
  • cpe:2.3:o:debian:debian_linux:3.0:-:mips
  • cpe:2.3:o:debian:debian_linux:3.0:-:mipsel
  • cpe:2.3:o:debian:debian_linux:3.0:-:ppc
  • cpe:2.3:o:debian:debian_linux:3.0:-:s-390
  • cpe:2.3:o:debian:debian_linux:3.0:-:sparc
  • cpe:2.3:o:gentoo:linux:0.5
  • cpe:2.3:o:gentoo:linux:0.7
  • cpe:2.3:o:gentoo:linux:1.1a
  • Gentoo Linux 1.2
    cpe:2.3:o:gentoo:linux:1.2
  • Gentoo Linux 1.4
    cpe:2.3:o:gentoo:linux:1.4
  • Gentoo Linux 1.4 rc1
    cpe:2.3:o:gentoo:linux:1.4:rc1
  • Gentoo Linux 1.4 rc2
    cpe:2.3:o:gentoo:linux:1.4:rc2
  • Gentoo Linux 1.4 rc3
    cpe:2.3:o:gentoo:linux:1.4:rc3
  • SuSE SuSE Linux 8.0
    cpe:2.3:o:suse:suse_linux:8.0
  • cpe:2.3:o:suse:suse_linux:8.0:-:i386
  • SuSE SuSE Linux 8.1
    cpe:2.3:o:suse:suse_linux:8.1
  • SuSE SuSE Linux 8.2
    cpe:2.3:o:suse:suse_linux:8.2
  • SuSE SuSE Linux 9.0
    cpe:2.3:o:suse:suse_linux:9.0
  • cpe:2.3:o:suse:suse_linux:9.0:-:x86_64
  • SuSE SuSE Linux 9.1
    cpe:2.3:o:suse:suse_linux:9.1
  • SuSE SuSE Linux 9.2
    cpe:2.3:o:suse:suse_linux:9.2
CVSS
Base: 7.5 (as of 13-05-2005 - 14:36)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-646.NASL
    description Andrei Nigmatulin discovered a buffer overflow in the PSD image-decoding module of ImageMagick, a commonly used image manipulation library. Remote exploitation with a carefully crafted image could lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 16213
    published 2005-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16213
    title Debian DSA-646-1 : imagemagick - buffer overflow
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_597E2BEE68EA11D9A9E70001020EED82.NASL
    description An iDEFENSE Security Advisory reports : Remote exploitation of a buffer overflow vulnerability in The ImageMagick's Project's ImageMagick PSD image-decoding module could allow an attacker to execute arbitrary code. Exploitation may allow attackers to run arbitrary code on a victim's computer if the victim opens a specially formatted image. Such images could be delivered by e-mail or HTML, in some cases, and would likely not raise suspicion on the victim's part. Exploitation is also possible when a web-based application uses ImageMagick to process user-uploaded image files.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 18944
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18944
    title FreeBSD : ImageMagick -- PSD handler heap overflow vulnerability (597e2bee-68ea-11d9-a9e7-0001020eed82)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-62-1.NASL
    description Andrei Nigmatulin discovered a potential buffer overflow in the PhotoShop Document image decoding function of ImageMagick. Decoding a malicious PSD image which specifies more than the allowed 24 channels might result in execution of arbitrary code with the user's privileges. Since ImageMagick can be used in custom printing systems, this also might lead to privilege escalation (execute code with the printer spooler's privileges). However, Ubuntu's standard printing system does not use ImageMagick, thus there is no risk of privilege escalation in a standard installation. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-25
    plugin id 20681
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20681
    title Ubuntu 4.10 : imagemagick vulnerability (USN-62-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-065.NASL
    description A format string vulnerability was discovered in ImageMagick, in the way it handles filenames. An attacker could execute arbitrary code on a victim's machine provided they could trick them into opening a file with a special name (CVE-2005-0397). As well, Andrei Nigmatulin discovered a heap-based buffer overflow in ImageMagick's image handler. An attacker could create a special PhotoShop Document (PSD) image file in such a way that it would cause ImageMagick to execute arbitrary code when processing the image (CVE-2005-0005). Other vulnerabilities were discovered in ImageMagick versions prior to 6.0 : A bug in the way that ImageMagick handles TIFF tags was discovered. It was possible that a TIFF image with an invalid tag could cause ImageMagick to crash (CVE-2005-0759). A bug in ImageMagick's TIFF decoder was discovered where a specially-crafted TIFF image could cause ImageMagick to crash (CVE-2005-0760). A bug in ImageMagick's PSD parsing was discovered where a specially-crafted PSD file could cause ImageMagick to crash (CVE-2005-0761). Finally, a heap overflow bug was discovered in ImageMagick's SGI parser. If an attacker could trick a user into opening a specially-crafted SGI image file, ImageMagick would execute arbitrary code (CVE-2005-0762). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 17677
    published 2005-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17677
    title Mandrake Linux Security Advisory : ImageMagick (MDKSA-2005:065)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-234.NASL
    description Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0005 to this issue. A format string bug was found in the way ImageMagick handles filenames. An attacker could execute arbitrary code in a victim's machine if they are able to trick the victim into opening a file with a specially crafted name. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0397 to this issue. A bug was found in the way ImageMagick handles TIFF tags. It is possible that a TIFF image file with an invalid tag could cause ImageMagick to crash. A bug was found in ImageMagick's TIFF decoder. It is possible that a specially crafted TIFF image file could cause ImageMagick to crash. A bug was found in the way ImageMagick parses PSD files. It is possible that a specially crafted PSD file could cause ImageMagick to crash. A heap overflow bug was found in ImageMagick's SGI parser. It is possible that an attacker could execute arbitrary code by tricking a user into opening a specially crafted SGI image file. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 18316
    published 2005-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18316
    title Fedora Core 2 : ImageMagick-6.2.0.7-2.fc2 (2005-234)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200501-26.NASL
    description The remote host is affected by the vulnerability described in GLSA-200501-26 (ImageMagick: PSD decoding heap overflow) Andrei Nigmatulin discovered that a Photoshop Document (PSD) file with more than 24 layers could trigger a heap overflow. Impact : An attacker could potentially design a malicious PSD image file to cause arbitrary code execution with the permissions of the user running ImageMagick. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 16417
    published 2005-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16417
    title GLSA-200501-26 : ImageMagick: PSD decoding heap overflow
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-235.NASL
    description Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0005 to this issue. A format string bug was found in the way ImageMagick handles filenames. An attacker could execute arbitrary code in a victim's machine if they are able to trick the victim into opening a file with a specially crafted name. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0397 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19628
    published 2005-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19628
    title Fedora Core 3 : ImageMagick-6.2.0.7-2.fc3 (2005-235)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200501-37.NASL
    description The remote host is affected by the vulnerability described in GLSA-200501-37 (GraphicsMagick: PSD decoding heap overflow) Andrei Nigmatulin discovered that handling a Photoshop Document (PSD) file with more than 24 layers in ImageMagick could trigger a heap overflow (GLSA 200501-26). GraphicsMagick is based on the same code and therefore suffers from the same flaw. Impact : An attacker could potentially design a malicious PSD image file to cause arbitrary code execution with the permissions of the user running GraphicsMagick. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 16428
    published 2005-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16428
    title GLSA-200501-37 : GraphicsMagick: PSD decoding heap overflow
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-071.NASL
    description Updated ImageMagick packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System. Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0005 to this issue. Users of ImageMagick should upgrade to these updated packages, which contain a backported patch, and are not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17179
    published 2005-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17179
    title RHEL 4 : ImageMagick (RHSA-2005:071)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-070.NASL
    description Updated ImageMagick packages that fix a heap based buffer overflow are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System. Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0005 to this issue. A format string bug was found in the way ImageMagick handles filenames. An attacker could execute arbitrary code on a victim's machine if they were able to trick the victim into opening a file with a specially crafted name. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0397 to this issue. A bug was found in the way ImageMagick handles TIFF tags. It is possible that a TIFF image file with an invalid tag could cause ImageMagick to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0759 to this issue. A bug was found in ImageMagick's TIFF decoder. It is possible that a specially crafted TIFF image file could cause ImageMagick to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0760 to this issue. A bug was found in the way ImageMagick parses PSD files. It is possible that a specially crafted PSD file could cause ImageMagick to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0761 to this issue. A heap overflow bug was found in ImageMagick's SGI parser. It is possible that an attacker could execute arbitrary code by tricking a user into opening a specially crafted SGI image file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0762 to this issue. Users of ImageMagick should upgrade to these updated packages, which contain backported patches, and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17621
    published 2005-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17621
    title RHEL 2.1 / 3 : ImageMagick (RHSA-2005:070)
oval via4
accepted 2013-04-29T04:23:22.259-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
family unix
id oval:org.mitre.oval:def:9925
status accepted
submitted 2010-07-09T03:56:16-04:00
title Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
version 23
redhat via4
advisories
  • rhsa
    id RHSA-2005:070
  • rhsa
    id RHSA-2005:071
refmap via4
bugtraq 20050118 [USN-62-1] imagemagick vulnerability
debian DSA-646
gentoo GLSA-200501-37
idefense 20050117 Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability
Last major update 17-10-2016 - 23:07
Published 02-05-2005 - 00:00
Last modified 10-10-2017 - 21:29