|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200505-16] ImageMagick, GraphicsMagick: Denial of Service vulnerability Vulnerability Scan
Vulnerability Scan Summary ImageMagick, GraphicsMagick: Denial of Service vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200505-16
(ImageMagick, GraphicsMagick: Denial of Service vulnerability)
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a
Denial of Service vulnerability in the XWD decoder of ImageMagick and
GraphicsMagick when setting a color mask to zero.
Impact
A remote attacker could submit a specially crafted image to a user
or an automated system making use of an affected utility, resulting in
a Denial of Service by consumption of CPU time.
Workaround
There is no known workaround at this time.
Solution:
All ImageMagick users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.2.3"
All GraphicsMagick users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.1.6-r1"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|