Family: Red Hat Local Security Checks --> Category: infos
RHSA-2004-636: ImageMagick Vulnerability Scan
Vulnerability Scan Summary: Check for the version of the ImageMagick packages
Detailed Explanation for this Vulnerability Test
Updated ImageMagick packages that fix a buffer overflow are now available.
ImageMagick(TM) is an image display and manipulation tool for the X Window
System.
A buffer overflow flaw was discovered in the ImageMagick image handler.
An attacker could create a carefully crafted image file with improper
EXIF information in such a way that it would cause ImageMagick to execute
arbitrary code when processing the image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-0981 to
this issue.
David Eisenstein has reported that our previous fix for CVE-2004-0827, a
heap overflow flaw, was incomplete. An attacker could create a carefully
crafted BMP file in such a way that it could cause ImageMagick to execute
arbitrary code when processing the image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-0827 to
this issue.
Users of ImageMagick should upgrade to these updated packages, which
contain a backported patch and are not vulnerable to this issue.
Solution : http://rhn.redhat.com/errata/RHSA-2004-636.html
Threat Level: High