1. CVE-Search
  2. CVE-2009-1882
ID CVE-2009-1882
Summary Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • cpe:2.3:a:imagemagick:imagemagick:6.5.2-8:*:*:*:*:*:*:*
    cpe:2.3:a:imagemagick:imagemagick:6.5.2-8:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 10-10-2018 - 19:38)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • bugzilla
    id 625058
    title CRM.1902920 - Issue displaying SGI image with ImageMagick
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment ImageMagick is earlier than 0:6.2.8.0-4.el5_5.2
            oval oval:com.redhat.rhsa:tst:20100652001
          • comment ImageMagick is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080145013
        • AND
          • comment ImageMagick-c++ is earlier than 0:6.2.8.0-4.el5_5.2
            oval oval:com.redhat.rhsa:tst:20100652003
          • comment ImageMagick-c++ is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080145015
        • AND
          • comment ImageMagick-c++-devel is earlier than 0:6.2.8.0-4.el5_5.2
            oval oval:com.redhat.rhsa:tst:20100652005
          • comment ImageMagick-c++-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080145017
        • AND
          • comment ImageMagick-devel is earlier than 0:6.2.8.0-4.el5_5.2
            oval oval:com.redhat.rhsa:tst:20100652007
          • comment ImageMagick-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080145019
        • AND
          • comment ImageMagick-perl is earlier than 0:6.2.8.0-4.el5_5.2
            oval oval:com.redhat.rhsa:tst:20100652009
          • comment ImageMagick-perl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080145021
    rhsa
    id RHSA-2010:0652
    released 2010-08-25
    severity Moderate
    title RHSA-2010:0652: ImageMagick security and bug fix update (Moderate)
  • bugzilla
    id 503017
    title CVE-2009-1882 ImageMagick, GraphicsMagick: Integer overflow in the routine creating X11 images
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • comment ImageMagick is earlier than 0:6.0.7.1-20.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100653001
          • comment ImageMagick is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060178002
        • AND
          • comment ImageMagick-c++ is earlier than 0:6.0.7.1-20.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100653003
          • comment ImageMagick-c++ is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060178004
        • AND
          • comment ImageMagick-c++-devel is earlier than 0:6.0.7.1-20.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100653005
          • comment ImageMagick-c++-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060178006
        • AND
          • comment ImageMagick-devel is earlier than 0:6.0.7.1-20.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100653007
          • comment ImageMagick-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060178008
        • AND
          • comment ImageMagick-perl is earlier than 0:6.0.7.1-20.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100653009
          • comment ImageMagick-perl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060178010
    rhsa
    id RHSA-2010:0653
    released 2010-08-25
    severity Moderate
    title RHSA-2010:0653: ImageMagick security update (Moderate)
rpms
  • ImageMagick-0:6.2.8.0-4.el5_5.2
  • ImageMagick-c++-0:6.2.8.0-4.el5_5.2
  • ImageMagick-c++-devel-0:6.2.8.0-4.el5_5.2
  • ImageMagick-debuginfo-0:6.2.8.0-4.el5_5.2
  • ImageMagick-devel-0:6.2.8.0-4.el5_5.2
  • ImageMagick-perl-0:6.2.8.0-4.el5_5.2
  • ImageMagick-0:6.0.7.1-20.el4_8.1
  • ImageMagick-c++-0:6.0.7.1-20.el4_8.1
  • ImageMagick-c++-devel-0:6.0.7.1-20.el4_8.1
  • ImageMagick-debuginfo-0:6.0.7.1-20.el4_8.1
  • ImageMagick-devel-0:6.0.7.1-20.el4_8.1
  • ImageMagick-perl-0:6.0.7.1-20.el4_8.1
refmap via4
bid 35111
bugtraq 20101027 rPSA-2010-0074-1 ImageMagick
confirm
debian DSA-1858
fedora
  • FEDORA-2010-0001
  • FEDORA-2010-0036
gentoo GLSA-201311-10
mlist [oss-security] 20090608 Re: CVE Request -- ImageMagick -- Integer overflow in XMakeImage()
osvdb 54729
secunia
  • 35216
  • 35382
  • 35685
  • 36260
  • 37959
  • 55721
suse SUSE-SR:2009:012
ubuntu USN-784-1
vupen ADV-2009-1449
Last major update 10-10-2018 - 19:38
Published 02-06-2009 - 15:30
Last modified 10-10-2018 - 19:38
Back to Top