|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200611-19] ImageMagick: PALM and DCM buffer overflows Vulnerability Scan
Vulnerability Scan Summary ImageMagick: PALM and DCM buffer overflows
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200611-19
(ImageMagick: PALM and DCM buffer overflows)
M. Joonas Pihlaja has reported that a boundary error exists within the
ReadDCMImage() function of coders/dcm.c, causing the improper handling
of DCM images. Pihlaja also reported that there are several boundary
errors in the ReadPALMImage() function of coders/palm.c, similarly
causing the improper handling of PALM images.
Impact
A possible hacker could entice a user to open a specially crafted DCM or PALM
image with ImageMagick, and possibly execute arbitrary code with the
rights of the user running ImageMagick.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456
Solution:
All ImageMagick users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.3.0.5"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|