Support / Security / Advisories / Corporate Server 3.0 / MDKSA-2007:041

Package name: ImageMagick
Date: 2007-02-09
Advisory ID: MDKSA-2007:041
Affected versions: CS4.0 x86_64 , 2006.0 i586 , 2007.0 x86_64 , 2007.0 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2006.0 x86_64

Problem description

Vladimir Nadvornik discovered a buffer overflow in GraphicsMagick and
ImageMagick allows user-assisted attackers to cause a denial of service
and possibly execute execute arbitrary code via a PALM image that is
not properly handled by the ReadPALMImage function in coders/palm.c.

This is related to an earlier fix for CVE-2006-5456 that did not fully
correct the issue.

Updated packages have been patched to correct this issue.

Updated packages

CS4.0 x86_64

 7511f0e4b203f7217774ae3133f6ac97  corporate/4.0/x86_64/ImageMagick-6.2.4.3-1.5.20060mlcs4.x86_64.rpm
 12996cab922873b18717bceeac05f4d0  corporate/4.0/x86_64/ImageMagick-doc-6.2.4.3-1.5.20060mlcs4.x86_64.rpm
 9f63d066ad11524a5855c69f951b87ba  corporate/4.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.5.20060mlcs4.x86_64.rpm
 4750be3ba0b5fa37378402d80376b168  corporate/4.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.5.20060mlcs4.x86_64.rpm
 b004eeb51659686cb5cfdfa125ee4102  corporate/4.0/x86_64/perl-Image-Magick-6.2.4.3-1.5.20060mlcs4.x86_64.rpm 
 ccf643955298a3d36be65f9958360da6  corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.5.20060mlcs4.src.rpm

2006.0 i586

 193c4bcc7fa385bc4582095a3bdc362e  2006.0/i586/ImageMagick-6.2.4.3-1.5.20060mdk.i586.rpm
 b412617cbd2bee1ac4b7e5dd9dc7f669  2006.0/i586/ImageMagick-doc-6.2.4.3-1.5.20060mdk.i586.rpm
 20fc4eec284af86b076bbcbebaee0bb3  2006.0/i586/libMagick8.4.2-6.2.4.3-1.5.20060mdk.i586.rpm
 f79d82b2e5e4043ccb2871259de495e1  2006.0/i586/libMagick8.4.2-devel-6.2.4.3-1.5.20060mdk.i586.rpm
 ab5a38478c7c022197edc5d4f5128aaf  2006.0/i586/perl-Image-Magick-6.2.4.3-1.5.20060mdk.i586.rpm 
 8a4d8538baa0065458ba630aaed9976d  2006.0/SRPMS/ImageMagick-6.2.4.3-1.5.20060mdk.src.rpm

2007.0 x86_64

 51380bf4ebf6e0b04c4f4288661ae213  2007.0/x86_64/ImageMagick-6.2.9.2-1.2mdv2007.0.x86_64.rpm
 69b0a59488540fdf0f28442f964fd104  2007.0/x86_64/ImageMagick-doc-6.2.9.2-1.2mdv2007.0.x86_64.rpm
 8fb388fc56a213a28351c9c561861329  2007.0/x86_64/lib64Magick10.4.0-6.2.9.2-1.2mdv2007.0.x86_64.rpm
 ec518f1e4a63e66c2fb352b41760028e  2007.0/x86_64/lib64Magick10.4.0-devel-6.2.9.2-1.2mdv2007.0.x86_64.rpm
 08b01e7f371a53bec64e6beeb5f3ab53  2007.0/x86_64/perl-Image-Magick-6.2.9.2-1.2mdv2007.0.x86_64.rpm 
 3116010a2047074e801e22d425c9a9d5  2007.0/SRPMS/ImageMagick-6.2.9.2-1.2mdv2007.0.src.rpm

2007.0 i586

 6ab89c972478c2c023da37b93f594d24  2007.0/i586/ImageMagick-6.2.9.2-1.2mdv2007.0.i586.rpm
 28f69c54db80c27a101491330f66b662  2007.0/i586/ImageMagick-doc-6.2.9.2-1.2mdv2007.0.i586.rpm
 03b4d5956d8877694faac5865d48a520  2007.0/i586/libMagick10.4.0-6.2.9.2-1.2mdv2007.0.i586.rpm
 776a23f71fb316acdf5cff805971c34e  2007.0/i586/libMagick10.4.0-devel-6.2.9.2-1.2mdv2007.0.i586.rpm
 93f2614af3719718cac1d1879d12d12a  2007.0/i586/perl-Image-Magick-6.2.9.2-1.2mdv2007.0.i586.rpm 
 3116010a2047074e801e22d425c9a9d5  2007.0/SRPMS/ImageMagick-6.2.9.2-1.2mdv2007.0.src.rpm

CS3.0 x86_64

 b63e6de0c85935b92b9d7c9694a834f3  corporate/3.0/x86_64/ImageMagick-5.5.7.15-6.10.C30mdk.x86_64.rpm
 8e5277702700da02eb6e05a150035770  corporate/3.0/x86_64/ImageMagick-doc-5.5.7.15-6.10.C30mdk.x86_64.rpm
 b07b76e7e0a8d66d2d79f712d09958e1  corporate/3.0/x86_64/lib64Magick5.5.7-5.5.7.15-6.10.C30mdk.x86_64.rpm
 9212e9b660e22225a53a98036bc3fcb8  corporate/3.0/x86_64/lib64Magick5.5.7-devel-5.5.7.15-6.10.C30mdk.x86_64.rpm
 c7b43627ef24177dd52a375d6b9f21d4  corporate/3.0/x86_64/perl-Magick-5.5.7.15-6.10.C30mdk.x86_64.rpm 
 3443a491b2e8d8cdde7b9d75a7ff26eb  corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.10.C30mdk.src.rpm

CS4.0 i586

 e4ba1f2b9651d72c1cd4cb6dd776d751  corporate/4.0/i586/ImageMagick-6.2.4.3-1.5.20060mlcs4.i586.rpm
 26d72e8cafcbc76087c7631e8bedd6e5  corporate/4.0/i586/ImageMagick-doc-6.2.4.3-1.5.20060mlcs4.i586.rpm
 b18d2e5aefe0fc96f6dfef405ac75d1d  corporate/4.0/i586/libMagick8.4.2-6.2.4.3-1.5.20060mlcs4.i586.rpm
 7ed9b663192e24fd723a238dce7261c3  corporate/4.0/i586/libMagick8.4.2-devel-6.2.4.3-1.5.20060mlcs4.i586.rpm
 c7e27a51fc8ee6b3dbf3926be899b028  corporate/4.0/i586/perl-Image-Magick-6.2.4.3-1.5.20060mlcs4.i586.rpm 
 ccf643955298a3d36be65f9958360da6  corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.5.20060mlcs4.src.rpm

CS3.0 i586

 471cef35e46eeb61d6591e13b446479e  corporate/3.0/i586/ImageMagick-5.5.7.15-6.10.C30mdk.i586.rpm
 70c7d71b8880e5c333c339d5a647268f  corporate/3.0/i586/ImageMagick-doc-5.5.7.15-6.10.C30mdk.i586.rpm
 1cc8b03ddd796be711feb96369129351  corporate/3.0/i586/libMagick5.5.7-5.5.7.15-6.10.C30mdk.i586.rpm
 f6ac22c4a8b964d16a945a058a11018c  corporate/3.0/i586/libMagick5.5.7-devel-5.5.7.15-6.10.C30mdk.i586.rpm
 65c9c8f0d3f8a126a78aa42c4e938143  corporate/3.0/i586/perl-Magick-5.5.7.15-6.10.C30mdk.i586.rpm 
 3443a491b2e8d8cdde7b9d75a7ff26eb  corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.10.C30mdk.src.rpm

2006.0 x86_64

 a73886f426de014a97adfb746e4565f8  2006.0/x86_64/ImageMagick-6.2.4.3-1.5.20060mdk.x86_64.rpm
 bf0d3317021d77551e1154f7e222915c  2006.0/x86_64/ImageMagick-doc-6.2.4.3-1.5.20060mdk.x86_64.rpm
 d8f7a2b02a6324579ac78daddb0e6a7e  2006.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.5.20060mdk.x86_64.rpm
 dfb8b167a0070da2d2f9e4ffe28023fe  2006.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.5.20060mdk.x86_64.rpm
 3739eede5d60601d1dc1d73d01b37202  2006.0/x86_64/perl-Image-Magick-6.2.4.3-1.5.20060mdk.x86_64.rpm 
 8a4d8538baa0065458ba630aaed9976d  2006.0/SRPMS/ImageMagick-6.2.4.3-1.5.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0770