MDKSA-2005:065

Package name
ImageMagick
Date
2005-04-01
Advisory ID
MDKSA-2005:065
Affected versions
CS2.1 x86_64 , 10.0 amd64 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

A format string vulnerability was discovered in ImageMagick, in the way it handles filenames. An attacker could execute arbitrary code on a victim's machine provided they could trick them into opening a file with a special name (CAN-2005-0397). As well, Andrei Nigmatulin discovered a heap-based buffer overflow in ImageMagick's image handler. An attacker could create a special PhotoShop Document (PSD) image file in such a way that it would cause ImageMagick to execute arbitray code when processing the image (CAN-2005-0005). Other vulnerabilities were discovered in ImageMagick versions prior to 6.0: A bug in the way that ImageMagick handles TIFF tags was discovered. It was possible that a TIFF image with an invalid tag could cause ImageMagick to crash (CAN-2005-0759). A bug in ImageMagick's TIFF decoder was discovered where a specially- crafted TIFF image could cause ImageMagick to crash (CAN-2005-0760). A bug in ImageMagick's PSD parsing was discovered where a specially- crafted PSD file could cause ImageMagick to crash (CAN-2005-0761). Finally, a heap overflow bug was discovered in ImageMagick's SGI parser. If an attacker could trick a user into opening a specially- crafted SGI image file, ImageMagick would execute arbitrary code (CAN-2005-0762). The updated packages have been patched to correct these issues.

Updated packages

CS2.1 x86_64

 b67fb79755ceddb46e334f1633dd7aae  x86_64/corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.3.C21mdk.x86_64.rpm
f5e945a29810bcc32ac1eca995071fb5  x86_64/corporate/2.1/RPMS/libMagick5-5.4.8.3-2.3.C21mdk.x86_64.rpm
80f7085bc6e4b2e0f2ce329d4fbd84a1  x86_64/corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.3.C21mdk.x86_64.rpm
62013e17a37016ed6d1399873315aeb0  x86_64/corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.3.C21mdk.x86_64.rpm
2e58703fa9039f43f477738dfca60b50  x86_64/corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.3.C21mdk.src.rpm

10.0 amd64

 19999eddbba540b711d8286cc63aab13  amd64/10.0/RPMS/ImageMagick-5.5.7.15-6.3.100mdk.amd64.rpm
d6cc1e5d60cfc7f3e635e3a19cfa39c2  amd64/10.0/RPMS/ImageMagick-doc-5.5.7.15-6.3.100mdk.amd64.rpm
2d51f1395c4b5bd61b8d2b9e04b8c32e  amd64/10.0/RPMS/lib64Magick5.5.7-5.5.7.15-6.3.100mdk.amd64.rpm
4efb0e3ea5ce48723af60c27755a8c1e  amd64/10.0/RPMS/lib64Magick5.5.7-devel-5.5.7.15-6.3.100mdk.amd64.rpm
3063415e823fdba9077d33fdc80d5812  amd64/10.0/RPMS/perl-Magick-5.5.7.15-6.3.100mdk.amd64.rpm
2ddc8dbc59fd26cdf0654f7393e63acc  amd64/10.0/SRPMS/ImageMagick-5.5.7.15-6.3.100mdk.src.rpm

10.1 i586

 9f484abe4c4a273f02e75b326cd75703  10.1/RPMS/ImageMagick-6.0.4.4-5.2.101mdk.i586.rpm
02f61f0204678e5fbe93bf798650ae30  10.1/RPMS/ImageMagick-doc-6.0.4.4-5.2.101mdk.i586.rpm
0956e5b16ef8cb9f0679a0e18c6db2b5  10.1/RPMS/libMagick6.4.0-6.0.4.4-5.2.101mdk.i586.rpm
1d88ee2ab0452d6bfb30998bd3d5b783  10.1/RPMS/libMagick6.4.0-devel-6.0.4.4-5.2.101mdk.i586.rpm
3e4e9b98225c454b3cc7679cce543efa  10.1/RPMS/perl-Magick-6.0.4.4-5.2.101mdk.i586.rpm
dcf46d41f345b3cfb35f720191ffee95  10.1/SRPMS/ImageMagick-6.0.4.4-5.2.101mdk.src.rpm

10.0 i586

 6934bcdb04a00c9e8bf278310a4d97a1  10.0/RPMS/ImageMagick-5.5.7.15-6.3.100mdk.i586.rpm
3a0baa10203d9cd7f29693d70c422411  10.0/RPMS/ImageMagick-doc-5.5.7.15-6.3.100mdk.i586.rpm
cc4466005fcefc66302e76c380fd3d29  10.0/RPMS/libMagick5.5.7-5.5.7.15-6.3.100mdk.i586.rpm
4dab1d0e359b30def19dd027e2c9cecc  10.0/RPMS/libMagick5.5.7-devel-5.5.7.15-6.3.100mdk.i586.rpm
79b4999b37e80b82d3e31ad26db7b90b  10.0/RPMS/perl-Magick-5.5.7.15-6.3.100mdk.i586.rpm
2ddc8dbc59fd26cdf0654f7393e63acc  10.0/SRPMS/ImageMagick-5.5.7.15-6.3.100mdk.src.rpm

CS3.0 x86_64

 74b8532afa8187eff8a8a2bdf954c638  x86_64/corporate/3.0/RPMS/ImageMagick-5.5.7.15-6.3.C30mdk.x86_64.rpm
637c470bfcba18f87d7e4f64a261fde4  x86_64/corporate/3.0/RPMS/ImageMagick-doc-5.5.7.15-6.3.C30mdk.x86_64.rpm
6d182fc7976de33b1cd9a5a293ebe81e  x86_64/corporate/3.0/RPMS/lib64Magick5.5.7-5.5.7.15-6.3.C30mdk.x86_64.rpm
feecb9d9b44fb683e0daf6701ea9cf7e  x86_64/corporate/3.0/RPMS/lib64Magick5.5.7-devel-5.5.7.15-6.3.C30mdk.x86_64.rpm
919e98e64fe436674016a48142ab0ebd  x86_64/corporate/3.0/RPMS/perl-Magick-5.5.7.15-6.3.C30mdk.x86_64.rpm
b28bb96208961dba1afe76667d993051  x86_64/corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.3.C30mdk.src.rpm

CS3.0 i586

 2b6b1cf0015a34fa11ca7705a699510e  corporate/3.0/RPMS/ImageMagick-5.5.7.15-6.3.C30mdk.i586.rpm
561ce007678557f825ebff37b1428412  corporate/3.0/RPMS/ImageMagick-doc-5.5.7.15-6.3.C30mdk.i586.rpm
53d43d1df6bdf4165f4e6f91ce7d0db2  corporate/3.0/RPMS/libMagick5.5.7-5.5.7.15-6.3.C30mdk.i586.rpm
c87ac116fb584684a767b98f6afa3075  corporate/3.0/RPMS/libMagick5.5.7-devel-5.5.7.15-6.3.C30mdk.i586.rpm
f167bc2e68e9c0dd50d5194b0eb4a94c  corporate/3.0/RPMS/perl-Magick-5.5.7.15-6.3.C30mdk.i586.rpm
b28bb96208961dba1afe76667d993051  corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.3.C30mdk.src.rpm

CS2.1 i586

 b5790a7e928f01d6711cfd29e60df9eb  corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.3.C21mdk.i586.rpm
12fc1f15675a34018601246dbf48efd1  corporate/2.1/RPMS/libMagick5-5.4.8.3-2.3.C21mdk.i586.rpm
e70caf4a6f3f7bc68771c78d8322bbfb  corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.3.C21mdk.i586.rpm
514c24bde5b0a9b9f7e9e00c3b29f10e  corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.3.C21mdk.i586.rpm
2e58703fa9039f43f477738dfca60b50  corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.3.C21mdk.src.rpm

10.1 x86_64

 2b233a0f81ffa51aa04cdb2692a9326f  x86_64/10.1/RPMS/ImageMagick-6.0.4.4-5.2.101mdk.x86_64.rpm
4970da03098334fb083755bf67939360  x86_64/10.1/RPMS/ImageMagick-doc-6.0.4.4-5.2.101mdk.x86_64.rpm
e83077f3d38232432aa8641dd94ad804  x86_64/10.1/RPMS/lib64Magick6.4.0-6.0.4.4-5.2.101mdk.x86_64.rpm
db849fd4641def869876a614a24a2ec2  x86_64/10.1/RPMS/lib64Magick6.4.0-devel-6.0.4.4-5.2.101mdk.x86_64.rpm
12d68cdf7e347606bf9bb70ba6051ce3  x86_64/10.1/RPMS/perl-Magick-6.0.4.4-5.2.101mdk.x86_64.rpm
dcf46d41f345b3cfb35f720191ffee95  x86_64/10.1/SRPMS/ImageMagick-6.0.4.4-5.2.101mdk.src.rpm

References