ID CVE-2009-1882
Summary Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • ImageMagick 6.5.2-8
    cpe:2.3:a:imagemagick:imagemagick:6.5.2-8
CVSS
Base: 9.3 (as of 02-06-2009 - 12:41)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1903.NASL
    description Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd.c for GraphicsMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch). - CVE-2007-1797 Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch). - CVE-2007-4985 A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch). - CVE-2007-4986 Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch). - CVE-2007-4988 A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch). - CVE-2008-1096 The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only oldstable (etch). - CVE-2008-3134 Multiple vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via vectors in the AVI, AVS, DCM, EPT, FITS, MTV, PALM, RLA, and TGA decoder readers; and the GetImageCharacteristics function in magick/image.c, as reachable from a crafted PNG, JPEG, BMP, or TIFF file. - CVE-2008-6070 Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image. - CVE-2008-6071 Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. - CVE-2008-6072 Multiple vulnerabilities in GraphicsMagick allow remote attackers to cause a denial of service (crash) via vectors in XCF and CINEON images. - CVE-2008-6621 Vulnerability in GraphicsMagick allows remote attackers to cause a denial of service (crash) via vectors in DPX images. - CVE-2009-1882 Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44768
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44768
    title Debian DSA-1903-1 : graphicsmagick - several vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201311-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-201311-10 (GraphicsMagick: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GraphicsMagick. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted image file, potentially resulting in arbitrary code execution or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 70959
    published 2013-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70959
    title GLSA-201311-10 : GraphicsMagick: Multiple vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201006-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201006-03 (ImageMagick: User-assisted execution of arbitrary code) Tielei Wang has discovered that the XMakeImage() function in magick/xwindow.c is prone to an integer overflow, possibly leading to a buffer overflow. Impact : A remote attacker could entice a user to open a specially crafted image, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 46770
    published 2010-06-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46770
    title GLSA-201006-03 : ImageMagick: User-assisted execution of arbitrary code
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_IMAGEMAGICK-090604.NASL
    description This update of ImageMagick fixes an integer overflow in the XMakeImage() function that allowed remote attackers to cause a denial-of-service and possibly the execution of arbitrary code via a crafted TIFF file. (CVE-2009-1882)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40165
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40165
    title openSUSE Security Update : ImageMagick (ImageMagick-967)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-261.NASL
    description A vulnerability has been found and corrected in GraphicsMagick, which could lead to integer overflow in the XMakeImage function in magick/xwindow.c, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow (CVE-2009-1882). This update fixes this vulnerability.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 42076
    published 2009-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42076
    title Mandriva Linux Security Advisory : graphicsmagick (MDVSA-2009:261)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1858.NASL
    description Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch). - CVE-2007-1797 Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch). - CVE-2007-4985 A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch). - CVE-2007-4986 Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch). - CVE-2007-4987 Off-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address. It affects only the oldstable distribution (etch). - CVE-2007-4988 A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch). - CVE-2008-1096 The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only to oldstable (etch). - CVE-2008-1097 Heap-based buffer overflow in the PCX coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. It affects only to oldstable (etch). - CVE-2009-1882 Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44723
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44723
    title Debian DSA-1858-1 : imagemagick - multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-0295.NASL
    description - Fix BZ#503017 (CVE-2009-1882), BZ#543519 add patch2 ( http://people.debian.org/~naoliv/misc/imagemagick/SA3521 6.diff ) to do not update and ABI change. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 44889
    published 2010-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44889
    title Fedora 11 : ImageMagick-6.5.1.2-2.fc11 (2010-0295)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100825_IMAGEMAGICK_ON_SL4_X.NASL
    description An integer overflow flaw, leading to a heap-based buffer overflow, was found in the ImageMagick routine responsible for creating X11 images. An attacker could create a specially crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. (CVE-2009-1882) All running instances of ImageMagick must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60842
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60842
    title Scientific Linux Security Update : ImageMagick on SL4.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_GRAPHICSMAGICK-090609.NASL
    description This update of GraphicsMagick fixes an integer overflow in the XMakeImage() function that allowed remote attackers to cause a denial-of-service and possibly the execution of arbitrary code via a crafted TIFF file. (CVE-2009-1882)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40164
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40164
    title openSUSE Security Update : GraphicsMagick (GraphicsMagick-988)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0652.NASL
    description Updated ImageMagick packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the ImageMagick routine responsible for creating X11 images. An attacker could create a specially crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. (CVE-2009-1882) This update also fixes the following bug : * previously, portions of certain RGB images on the right side were not rendered and left black when converting or displaying them. With this update, RGB images display correctly. (BZ#625058) Users of ImageMagick are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of ImageMagick must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 48744
    published 2010-08-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48744
    title CentOS 5 : ImageMagick (CESA-2010:0652)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-260.NASL
    description A vulnerability has been found and corrected in ImageMagick, which could lead to integer overflow in the XMakeImage function in magick/xwindow.c, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow (CVE-2009-1882). This update fixes this vulnerability. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 42075
    published 2009-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42075
    title Mandriva Linux Security Advisory : imagemagick (MDVSA-2009:260-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0653.NASL
    description From Red Hat Security Advisory 2010:0653 : Updated ImageMagick packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the ImageMagick routine responsible for creating X11 images. An attacker could create a specially crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. (CVE-2009-1882) Users of ImageMagick are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running instances of ImageMagick must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 68089
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68089
    title Oracle Linux 4 : ImageMagick (ELSA-2010-0653)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100825_IMAGEMAGICK_ON_SL5_X.NASL
    description An integer overflow flaw, leading to a heap-based buffer overflow, was found in the ImageMagick routine responsible for creating X11 images. An attacker could create a specially crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. (CVE-2009-1882) This update also fixes the following bug : - previously, portions of certain RGB images on the right side were not rendered and left black when converting or displaying them. With this update, RGB images display correctly. (BZ#625058) All running instances of ImageMagick must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60843
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60843
    title Scientific Linux Security Update : ImageMagick on SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_GRAPHICSMAGICK-090609.NASL
    description This update of GraphicsMagick fixes an integer overflow in the XMakeImage() function that allowed remote attackers to cause a denial-of-service and possibly the execution of arbitrary code via a crafted TIFF file. (CVE-2009-1882)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 39879
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39879
    title openSUSE Security Update : GraphicsMagick (GraphicsMagick-988)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GRAPHICSMAGICK-6294.NASL
    description This update of GraphicsMagick fixes an integer overflow in the XMakeImage() function that allowed remote attackers to cause a denial-of-service and possibly the execution of arbitrary code via a crafted TIFF file. (CVE-2009-1882)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 39497
    published 2009-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39497
    title openSUSE 10 Security Update : GraphicsMagick (GraphicsMagick-6294)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0652.NASL
    description From Red Hat Security Advisory 2010:0652 : Updated ImageMagick packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the ImageMagick routine responsible for creating X11 images. An attacker could create a specially crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. (CVE-2009-1882) This update also fixes the following bug : * previously, portions of certain RGB images on the right side were not rendered and left black when converting or displaying them. With this update, RGB images display correctly. (BZ#625058) Users of ImageMagick are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of ImageMagick must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 68088
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68088
    title Oracle Linux 5 : ImageMagick (ELSA-2010-0652)
  • NASL family Windows
    NASL id IMAGEMAGICK_6_5_2_9.NASL
    description The remote Windows host is running a version of ImageMagick earlier than 6.5.2-9. Such versions reportedly fail to properly handle malformed 'TIFF' files in the 'XMakeImage()' function. If an attacker can trick a user on the remote host into opening a specially crafted file using the affected application, he can leverage this flaw to execute arbitrary code on the remote host subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 38951
    published 2009-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38951
    title ImageMagick < 6.5.2-9 magick/xwindow.c XMakeImage() Function TIFF File Handling Overflow
  • NASL family SuSE Local Security Checks
    NASL id SUSE_IMAGEMAGICK-6287.NASL
    description This update of ImageMagick fixes an integer overflow in the XMakeImage() function that allowed remote attackers to cause a denial-of-service and possibly the execution of arbitrary code via a crafted TIFF file. (CVE-2009-1882)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 39498
    published 2009-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39498
    title openSUSE 10 Security Update : ImageMagick (ImageMagick-6287)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0653.NASL
    description Updated ImageMagick packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the ImageMagick routine responsible for creating X11 images. An attacker could create a specially crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. (CVE-2009-1882) Users of ImageMagick are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running instances of ImageMagick must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 48751
    published 2010-08-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48751
    title RHEL 4 : ImageMagick (RHSA-2010:0653)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-0001.NASL
    description - Mon Dec 28 2009 Rex Dieter - 1.3.7-4 - CVE-2009-1882 (#503017) - Fri Dec 4 2009 Stepan Kasal - 1.3.7-3 - rebuild against perl 5.10.1 - Fri Nov 6 2009 Rex Dieter - 1.3.7-2 - cleanup/uncruftify .spec - Thu Sep 17 2009 Rex Dieter - 1.3.7-1 - GraphicsMagick-1.3.7 - Mon Aug 3 2009 Ville Skytta - 1.3.6-2 - Use lzma-compressed upstream source tarball. - Wed Jul 29 2009 Rex Dieter 1.3.6-1 - GraphicsMagick-1.3.6 - Fri Jul 24 2009 Fedora Release Engineering - 1.3.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - Tue Jun 30 2009 Rex Dieter - 1.3.5-1 - GraphicsMagick-1.3.5, ABI break (#487605) - --without-libgs (for now, per upstream advice) - BR: jasper-devel - Tue Jun 30 2009 Rex Dieter - 1.1.15-1 - GraphicsMagick-1.1.15 - fix BuildRoot - multiarch conflicts in GraphicsMagick (#341381) - broken -L in GraphicsMagick.pc (#456466) - %files: track sonames Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47171
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47171
    title Fedora 11 : GraphicsMagick-1.3.7-4.fc11 (2010-0001)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_IMAGEMAGICK-6284.NASL
    description This update of ImageMagick fixes an integer overflow in the XMakeImage() function that allowed remote attackers to cause a denial-of-service and possibly the execution of arbitrary code via a crafted TIFF file. (CVE-2009-1882)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 51682
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51682
    title SuSE 10 Security Update : ImageMagick.rpm (ZYPP Patch Number 6284)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0652.NASL
    description Updated ImageMagick packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the ImageMagick routine responsible for creating X11 images. An attacker could create a specially crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. (CVE-2009-1882) This update also fixes the following bug : * previously, portions of certain RGB images on the right side were not rendered and left black when converting or displaying them. With this update, RGB images display correctly. (BZ#625058) Users of ImageMagick are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of ImageMagick must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 48750
    published 2010-08-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48750
    title RHEL 5 : ImageMagick (RHSA-2010:0652)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-0036.NASL
    description - Mon Dec 28 2009 Rex Dieter - 1.3.7-4 - CVE-2009-1882 (#503017) - Fri Dec 4 2009 Stepan Kasal - 1.3.7-3 - rebuild against perl 5.10.1 - Fri Nov 6 2009 Rex Dieter - 1.3.7-2 - cleanup/uncruftify .spec Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47173
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47173
    title Fedora 12 : GraphicsMagick-1.3.7-4.fc12 (2010-0036)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0653.NASL
    description Updated ImageMagick packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the ImageMagick routine responsible for creating X11 images. An attacker could create a specially crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. (CVE-2009-1882) Users of ImageMagick are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running instances of ImageMagick must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 48745
    published 2010-08-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48745
    title CentOS 4 : ImageMagick (CESA-2010:0653)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_IMAGEMAGICK-090604.NASL
    description This update of ImageMagick fixes an integer overflow in the XMakeImage() function that allowed remote attackers to cause a denial-of-service and possibly the execution of arbitrary code via a crafted TIFF file. (CVE-2009-1882)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 39880
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39880
    title openSUSE Security Update : ImageMagick (ImageMagick-967)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_IMAGEMAGICK-090604.NASL
    description This update of ImageMagick fixes an integer overflow in the XMakeImage() function that allowed remote attackers to cause a denial-of-service and possibly the execution of arbitrary code via a crafted TIFF file. (CVE-2009-1882)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 41350
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41350
    title SuSE 11 Security Update : ImageMagick (SAT Patch Number 963)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-784-1.NASL
    description It was discovered that ImageMagick did not properly verify the dimensions of TIFF files. If a user or automated system were tricked into opening a crafted TIFF file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 39337
    published 2009-06-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39337
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : imagemagick vulnerability (USN-784-1)
redhat via4
advisories
  • bugzilla
    id 625058
    title CRM.1902920 - Issue displaying SGI image with ImageMagick
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment ImageMagick is earlier than 0:6.2.8.0-4.el5_5.2
          oval oval:com.redhat.rhsa:tst:20100652002
        • comment ImageMagick is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080145020
      • AND
        • comment ImageMagick-c++ is earlier than 0:6.2.8.0-4.el5_5.2
          oval oval:com.redhat.rhsa:tst:20100652004
        • comment ImageMagick-c++ is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080145026
      • AND
        • comment ImageMagick-c++-devel is earlier than 0:6.2.8.0-4.el5_5.2
          oval oval:com.redhat.rhsa:tst:20100652008
        • comment ImageMagick-c++-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080145024
      • AND
        • comment ImageMagick-devel is earlier than 0:6.2.8.0-4.el5_5.2
          oval oval:com.redhat.rhsa:tst:20100652006
        • comment ImageMagick-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080145022
      • AND
        • comment ImageMagick-perl is earlier than 0:6.2.8.0-4.el5_5.2
          oval oval:com.redhat.rhsa:tst:20100652010
        • comment ImageMagick-perl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080145028
    rhsa
    id RHSA-2010:0652
    released 2010-08-25
    severity Moderate
    title RHSA-2010:0652: ImageMagick security and bug fix update (Moderate)
  • bugzilla
    id 503017
    title CVE-2009-1882 ImageMagick, GraphicsMagick: Integer overflow in the routine creating X11 images
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment ImageMagick is earlier than 0:6.0.7.1-20.el4_8.1
          oval oval:com.redhat.rhsa:tst:20100653002
        • comment ImageMagick is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070015003
      • AND
        • comment ImageMagick-c++ is earlier than 0:6.0.7.1-20.el4_8.1
          oval oval:com.redhat.rhsa:tst:20100653008
        • comment ImageMagick-c++ is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070015011
      • AND
        • comment ImageMagick-c++-devel is earlier than 0:6.0.7.1-20.el4_8.1
          oval oval:com.redhat.rhsa:tst:20100653010
        • comment ImageMagick-c++-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070015009
      • AND
        • comment ImageMagick-devel is earlier than 0:6.0.7.1-20.el4_8.1
          oval oval:com.redhat.rhsa:tst:20100653004
        • comment ImageMagick-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070015005
      • AND
        • comment ImageMagick-perl is earlier than 0:6.0.7.1-20.el4_8.1
          oval oval:com.redhat.rhsa:tst:20100653006
        • comment ImageMagick-perl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070015007
    rhsa
    id RHSA-2010:0653
    released 2010-08-25
    severity Moderate
    title RHSA-2010:0653: ImageMagick security update (Moderate)
rpms
  • ImageMagick-0:6.2.8.0-4.el5_5.2
  • ImageMagick-c++-0:6.2.8.0-4.el5_5.2
  • ImageMagick-c++-devel-0:6.2.8.0-4.el5_5.2
  • ImageMagick-devel-0:6.2.8.0-4.el5_5.2
  • ImageMagick-perl-0:6.2.8.0-4.el5_5.2
  • ImageMagick-0:6.0.7.1-20.el4_8.1
  • ImageMagick-c++-0:6.0.7.1-20.el4_8.1
  • ImageMagick-c++-devel-0:6.0.7.1-20.el4_8.1
  • ImageMagick-devel-0:6.0.7.1-20.el4_8.1
  • ImageMagick-perl-0:6.0.7.1-20.el4_8.1
refmap via4
bid 35111
bugtraq 20101027 rPSA-2010-0074-1 ImageMagick
confirm
debian DSA-1858
fedora
  • FEDORA-2010-0001
  • FEDORA-2010-0036
gentoo GLSA-201311-10
mlist [oss-security] 20090608 Re: CVE Request -- ImageMagick -- Integer overflow in XMakeImage()
osvdb 54729
secunia
  • 35216
  • 35382
  • 35685
  • 36260
  • 37959
  • 55721
suse SUSE-SR:2009:012
ubuntu USN-784-1
vupen ADV-2009-1449
Last major update 24-11-2013 - 22:54
Published 02-06-2009 - 11:30
Last modified 10-10-2018 - 15:38
Back to Top