ID CVE-2007-0770
Summary Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.
References
Vulnerable Configurations
  • GraphicsMagick
    cpe:2.3:a:graphicsmagick:graphicsmagick
  • ImageMagick 6.3.3.4
    cpe:2.3:a:imagemagick:imagemagick:6.3.3.4
CVSS
Base: 9.3 (as of 13-02-2007 - 10:35)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_IMAGEMAGICK-2592.NASL
    description This update fixes a broken patch for CVE-2006-5456 and minor non-security issues. (CVE-2007-0770)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29350
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29350
    title SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 2592)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_IMAGEMAGICK-2585.NASL
    description This update fixes a broken patch for CVE-2006-5456 and minor non-security issues. (CVE-2007-0770)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27107
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27107
    title openSUSE 10 Security Update : ImageMagick (ImageMagick-2585)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1260.NASL
    description Vladimir Nadvornik discovered that the fix for a vulnerability in the PALM decoder of Imagemagick, a collection of image manipulation programs, was ineffective. To avoid confusion a new CVE ID has been assigned; the original issue was tracked as CVE-2006-5456.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 24347
    published 2007-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24347
    title Debian DSA-1260-1 : imagemagick - buffer overflow
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-422-1.NASL
    description Vladimir Nadvornik discovered that the fix for CVE-2006-5456, released in USN-372-1, did not correctly solve the original flaw in PALM image handling. By tricking a user into processing a specially crafted image with an application that uses imagemagick, an attacker could execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28014
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28014
    title Ubuntu 5.10 / 6.06 LTS / 6.10 : imagemagick vulnerabilities (USN-422-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-041.NASL
    description Vladimir Nadvornik discovered a buffer overflow in GraphicsMagick and ImageMagick allows user-assisted attackers to cause a denial of service and possibly execute execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. This is related to an earlier fix for CVE-2006-5456 that did not fully correct the issue. Updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24654
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24654
    title Mandrake Linux Security Advisory : ImageMagick (MDKSA-2007:041)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GRAPHICSMAGICK-2593.NASL
    description This update fixes a broken patch for CVE-2006-5456 and minor non-security issues. (CVE-2007-0770)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27102
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27102
    title openSUSE 10 Security Update : GraphicsMagick (GraphicsMagick-2593)
refmap via4
bugtraq 20070208 rPSA-2007-0029-1 ImageMagick
confirm https://issues.rpath.com/browse/RPL-1034
debian DSA-1260
mandriva MDKSA-2007:041
osvdb 31911
secunia
  • 24167
  • 24196
suse SUSE-SR:2007:003
ubuntu USN-422-1
statements via4
contributor Mark J Cox
lastmodified 2007-02-14
organization Red Hat
statement Not vulnerable. Red Hat did not ship the incomplete patch for CVE-2006-5456 and is therefore not affected by this issue.
Last major update 15-09-2010 - 01:43
Published 12-02-2007 - 15:28
Last modified 16-10-2018 - 12:34
Back to Top