[<prev] [next>] [<thread-prev] [month] [year] [list]
Date: Mon, 8 Jun 2009 10:26:56 +0200
From: Thomas Biege <thomas@...e.de>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request -- ImageMagick -- Integer overflow in XMakeImage()
This also affects GraphicsMagick.
On Sat, Jun 06, 2009 at 12:22:01PM -0400, Steven M. Christey wrote:
>
> ======================================================
> Name: CVE-2009-1882
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1882
> Reference: CONFIRM:http://imagemagick.org/script/changelog.php
> Reference: CONFIRM:http://mirror1.smudge-it.co.uk/imagemagick/www/changelog.html
> Reference: BID:35111
> Reference: URL:http://www.securityfocus.com/bid/35111
> Reference: OSVDB:54729
> Reference: URL:http://osvdb.org/54729
> Reference: SECUNIA:35216
> Reference: URL:http://secunia.com/advisories/35216
> Reference: VUPEN:ADV-2009-1449
> Reference: URL:http://www.vupen.com/english/advisories/2009/1449
>
> Integer overflow in the XMakeImage function in magick/xwindow.c in
> ImageMagick 6.5.2-8 allows remote attackers to cause a denial of
> service (crash) and possibly execute arbitrary code via a crafted TIFF
> file, which triggers a buffer overflow. NOTE: some of these details
> are obtained from third party information.
>
--
Bye,
Thomas
--
Thomas Biege <thomas@...e.de>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Hamming's Motto:
The purpose of computing is insight, not numbers.
-- Richard W. Hamming
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux