- Home
- CVEs with nessus.description==Several vulnerabilities have been discovered in the imagemagick image
manipulation programs which can lead to the execution of arbitrary
code, exposure of sensitive information or cause DoS. The Common
Vulnerabilities and Exposures project identifies the following
problems :
- CVE-2007-1667
Multiple integer overflows in XInitImage function in
xwd.c for ImageMagick, allow user-assisted remote
attackers to cause a denial of service (crash) or obtain
sensitive information via crafted images with large or
negative values that trigger a buffer overflow. It only
affects the oldstable distribution (etch).
- CVE-2007-1797
Multiple integer overflows allow remote attackers to
execute arbitrary code via a crafted DCM image, or the
colors or comments field in a crafted XWD image. It only
affects the oldstable distribution (etch).
- CVE-2007-4985
A crafted image file can trigger an infinite loop in the
ReadDCMImage function or in the ReadXCFImage function.
It only affects the oldstable distribution (etch).
- CVE-2007-4986
Multiple integer overflows allow context-dependent
attackers to execute arbitrary code via a crafted .dcm,
.dib, .xbm, .xcf, or .xwd image file, which triggers a
heap-based buffer overflow. It only affects the
oldstable distribution (etch).
- CVE-2007-4987
Off-by-one error allows context-dependent attackers to
execute arbitrary code via a crafted image file, which
triggers the writing of a '\0' character to an
out-of-bounds address. It affects only the oldstable
distribution (etch).
- CVE-2007-4988
A sign extension error allows context-dependent
attackers to execute arbitrary code via a crafted width
value in an image file, which triggers an integer
overflow and a heap-based buffer overflow. It affects
only the oldstable distribution (etch).
- CVE-2008-1096
The load_tile function in the XCF coder allows
user-assisted remote attackers to cause a denial of
service or possibly execute arbitrary code via a crafted
.xcf file that triggers an out-of-bounds heap write. It
affects only to oldstable (etch).
- CVE-2008-1097
Heap-based buffer overflow in the PCX coder allows
user-assisted remote attackers to cause a denial of
service or possibly execute arbitrary code via a crafted
.pcx file that triggers incorrect memory allocation for
the scanline array, leading to memory corruption. It
affects only to oldstable (etch).
- CVE-2009-1882
Integer overflow allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary
code via a crafted TIFF file, which triggers a buffer
overflow.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top