|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200409-12] ImageMagick, imlib, imlib2: BMP decoding buffer overflows Vulnerability Scan
Vulnerability Scan Summary ImageMagick, imlib, imlib2: BMP decoding buffer overflows
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200409-12
(ImageMagick, imlib, imlib2: BMP decoding buffer overflows)
Due to improper bounds checking, ImageMagick and imlib are vulnerable to a
buffer overflow when decoding runlength-encoded bitmaps. This bug can be
exploited using a specially-crafted BMP image and could potentially allow
remote code execution when this image is decoded by the user.
Impact
A specially-crafted runlength-encoded BMP could lead ImageMagick and imlib
to crash or potentially execute arbitrary code.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0802
http://studio.imagemagick.org/pipermail/magick-developers/2004-August/002011.html
http://securitytracker.com/alerts/2004/Aug/1011104.html
http://securitytracker.com/alerts/2004/Aug/1011105.html
Solution:
All ImageMagick users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=media-gfx/imagemagick-6.0.7.1"
# emerge ">=media-gfx/imagemagick-6.0.7.1"
All imlib users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=media-libs/imlib-1.9.14-r2"
# emerge ">=media-libs/imlib-1.9.14-r2"
All imlib2 users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=media-libs/imlib2-1.1.2"
# emerge ">=media-libs/imlib2-1.1.2"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|