ID CVE-2009-1882
Summary Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • cpe:2.3:a:imagemagick:imagemagick:6.5.2-8:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 10-10-2018 - 19:38)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • bugzilla
    id 625058
    title CRM.1902920 - Issue displaying SGI image with ImageMagick
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment ImageMagick is earlier than 0:6.2.8.0-4.el5_5.2
          oval oval:com.redhat.rhsa:tst:20100652002
        • comment ImageMagick is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080145020
      • AND
        • comment ImageMagick-c++ is earlier than 0:6.2.8.0-4.el5_5.2
          oval oval:com.redhat.rhsa:tst:20100652004
        • comment ImageMagick-c++ is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080145026
      • AND
        • comment ImageMagick-c++-devel is earlier than 0:6.2.8.0-4.el5_5.2
          oval oval:com.redhat.rhsa:tst:20100652008
        • comment ImageMagick-c++-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080145024
      • AND
        • comment ImageMagick-devel is earlier than 0:6.2.8.0-4.el5_5.2
          oval oval:com.redhat.rhsa:tst:20100652006
        • comment ImageMagick-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080145022
      • AND
        • comment ImageMagick-perl is earlier than 0:6.2.8.0-4.el5_5.2
          oval oval:com.redhat.rhsa:tst:20100652010
        • comment ImageMagick-perl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080145028
    rhsa
    id RHSA-2010:0652
    released 2010-08-25
    severity Moderate
    title RHSA-2010:0652: ImageMagick security and bug fix update (Moderate)
  • bugzilla
    id 503017
    title CVE-2009-1882 ImageMagick, GraphicsMagick: Integer overflow in the routine creating X11 images
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment ImageMagick is earlier than 0:6.0.7.1-20.el4_8.1
          oval oval:com.redhat.rhsa:tst:20100653002
        • comment ImageMagick is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070015003
      • AND
        • comment ImageMagick-c++ is earlier than 0:6.0.7.1-20.el4_8.1
          oval oval:com.redhat.rhsa:tst:20100653008
        • comment ImageMagick-c++ is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070015011
      • AND
        • comment ImageMagick-c++-devel is earlier than 0:6.0.7.1-20.el4_8.1
          oval oval:com.redhat.rhsa:tst:20100653010
        • comment ImageMagick-c++-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070015009
      • AND
        • comment ImageMagick-devel is earlier than 0:6.0.7.1-20.el4_8.1
          oval oval:com.redhat.rhsa:tst:20100653004
        • comment ImageMagick-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070015005
      • AND
        • comment ImageMagick-perl is earlier than 0:6.0.7.1-20.el4_8.1
          oval oval:com.redhat.rhsa:tst:20100653006
        • comment ImageMagick-perl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070015007
    rhsa
    id RHSA-2010:0653
    released 2010-08-25
    severity Moderate
    title RHSA-2010:0653: ImageMagick security update (Moderate)
rpms
  • ImageMagick-0:6.2.8.0-4.el5_5.2
  • ImageMagick-c++-0:6.2.8.0-4.el5_5.2
  • ImageMagick-c++-devel-0:6.2.8.0-4.el5_5.2
  • ImageMagick-devel-0:6.2.8.0-4.el5_5.2
  • ImageMagick-perl-0:6.2.8.0-4.el5_5.2
  • ImageMagick-0:6.0.7.1-20.el4_8.1
  • ImageMagick-c++-0:6.0.7.1-20.el4_8.1
  • ImageMagick-c++-devel-0:6.0.7.1-20.el4_8.1
  • ImageMagick-devel-0:6.0.7.1-20.el4_8.1
  • ImageMagick-perl-0:6.0.7.1-20.el4_8.1
refmap via4
bid 35111
bugtraq 20101027 rPSA-2010-0074-1 ImageMagick
confirm
debian DSA-1858
fedora
  • FEDORA-2010-0001
  • FEDORA-2010-0036
gentoo GLSA-201311-10
mlist [oss-security] 20090608 Re: CVE Request -- ImageMagick -- Integer overflow in XMakeImage()
osvdb 54729
secunia
  • 35216
  • 35382
  • 35685
  • 36260
  • 37959
  • 55721
suse SUSE-SR:2009:012
ubuntu USN-784-1
vupen ADV-2009-1449
Last major update 10-10-2018 - 19:38
Published 02-06-2009 - 15:30