CVE-2004-0827
CVSS7.5
发布时间 :2004-09-16 00:00:00
修订时间 :2011-03-07 21:16:19
NMCOP    

[原文]Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.


[CNNVD]IMLib/IMLib2多个BMP图像编码缓冲区溢出漏洞(CNNVD-200409-037)

        ImageMagick graphics库5.4.4前的5.x版本和6.0.6.2前的6.x版本存在漏洞。远程攻击者可以借助畸形(1)AVI,(2)BMP或者(3)DIB文件导致服务拒绝(应用程序崩溃)或可能执行任意代码。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64
cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64
cpe:/a:imagemagick:imagemagick:5.4.4.5ImageMagick 5.4.4.5
cpe:/a:enlightenment:imlib:1.9.8
cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/a:enlightenment:imlib:1.9.9
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64
cpe:/a:imagemagick:imagemagick:5.3.3ImageMagick 5.3.3
cpe:/a:imagemagick:imagemagick:5.5.7ImageMagick 5.5.7
cpe:/o:redhat:linux_advanced_workstation:2.1::itanium_processor
cpe:/o:redhat:enterprise_linux:3.0::workstation_server
cpe:/a:enlightenment:imlib:1.9.13
cpe:/a:enlightenment:imlib:1.9.12
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/o:turbolinux:turbolinux:workstation_8.0
cpe:/a:imagemagick:imagemagick:6.0.2ImageMagick 6.0.2
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
cpe:/a:enlightenment:imlib:1.9.3
cpe:/a:enlightenment:imlib:1.9.14
cpe:/o:redhat:linux_advanced_workstation:2.1::ia64
cpe:/a:sun:java_desktop_system:2003
cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64
cpe:/a:enlightenment:imlib:1.9.6
cpe:/a:enlightenment:imlib2:1.0.1
cpe:/a:enlightenment:imlib:1.9.4
cpe:/o:conectiva:linux:9.0Conectiva Linux 9.0
cpe:/a:enlightenment:imlib2:1.0.2
cpe:/a:imagemagick:imagemagick:5.4.8ImageMagick 5.4.8
cpe:/a:enlightenment:imlib:1.9.7
cpe:/o:turbolinux:turbolinux:workstation_7.0
cpe:/a:enlightenment:imlib:1.9.1
cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64
cpe:/o:suse:suse_linux:8.0::i386
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64
cpe:/o:suse:suse_linux:9.0SuSE SuSE Linux 9.0
cpe:/o:suse:suse_linux:8.2SuSE SuSE Linux 8.2
cpe:/a:imagemagick:imagemagick:5.4.7ImageMagick 5.4.7
cpe:/o:ubuntu:ubuntu_linux:4.1::ia64
cpe:/o:redhat:fedora_core:core_1.0
cpe:/o:ubuntu:ubuntu_linux:4.1::ppc
cpe:/a:imagemagick:imagemagick:5.4.8.2.1.1.0
cpe:/a:sun:java_desktop_system:2.0Sun Java Desktop System 2.0
cpe:/a:enlightenment:imlib2:1.0
cpe:/a:enlightenment:imlib:1.9.11
cpe:/a:enlightenment:imlib2:1.0.4
cpe:/o:redhat:enterprise_linux:3.0::advanced_server
cpe:/o:suse:suse_linux:8.1SuSE SuSE Linux 8.1
cpe:/a:enlightenment:imlib:1.9.10
cpe:/o:suse:suse_linux:9.2SuSE SuSE Linux 9.2
cpe:/o:redhat:fedora_core:core_3.0
cpe:/a:imagemagick:imagemagick:5.5.6.0_2003-04-09ImageMagick 5.5.6.0 2003-04-09
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1MandrakeSoft Mandrake Linux Corporate Server 2.1
cpe:/o:turbolinux:turbolinux:desktop_10.0
cpe:/o:suse:suse_linux:9.1SuSE SuSE Linux 9.1
cpe:/o:conectiva:linux:10.0Conectiva Linux 10.0
cpe:/a:enlightenment:imlib2:1.1.1
cpe:/a:enlightenment:imlib:1.9.2
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/a:enlightenment:imlib2:1.1
cpe:/a:enlightenment:imlib2:1.0.5
cpe:/o:suse:suse_linux:9.0::x86_64
cpe:/o:suse:suse_linux:8.0SuSE SuSE Linux 8.0
cpe:/a:enlightenment:imlib2:1.0.3
cpe:/o:mandrakesoft:mandrake_linux:9.2MandrakeSoft Mandrake Linux 9.2
cpe:/o:turbolinux:turbolinux:server_8.0
cpe:/o:redhat:enterprise_linux_desktop:3.0Red Hat Desktop 3.0
cpe:/a:enlightenment:imlib:1.9
cpe:/o:redhat:fedora_core:core_2.0
cpe:/o:mandrakesoft:mandrake_linux:10.0MandrakeSoft Mandrake Linux 10.0
cpe:/a:imagemagick:imagemagick:5.5.3.2.1.2.0ImageMagick 5.5.3.2.1.2.0
cpe:/a:enlightenment:imlib:1.9.5
cpe:/a:imagemagick:imagemagick:5.4.3ImageMagick 5.4.3
cpe:/o:turbolinux:turbolinux:server_7.0

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11123Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a de...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0827
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0827
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200409-037
(官方数据源) CNNVD

- 其它链接及资源

http://www.redhat.com/support/errata/RHSA-2004-494.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:494
http://www.redhat.com/support/errata/RHSA-2004-480.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:480
http://www.debian.org/security/2004/dsa-547
(VENDOR_ADVISORY)  DEBIAN  DSA-547
http://xforce.iss.net/xforce/xfdb/17173
(VENDOR_ADVISORY)  XF  imagemagick-bmp-Bo(17173)
http://www.vupen.com/english/advisories/2008/0412
(UNKNOWN)  VUPEN  ADV-2008-0412
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201006-1
(UNKNOWN)  SUNALERT  201006
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231321-1
(UNKNOWN)  SUNALERT  231321
http://secunia.com/advisories/28800
(UNKNOWN)  SECUNIA  28800

- 漏洞信息

IMLib/IMLib2多个BMP图像编码缓冲区溢出漏洞
高危 缓冲区溢出
2004-09-16 00:00:00 2010-01-28 00:00:00
远程  
        ImageMagick graphics库5.4.4前的5.x版本和6.0.6.2前的6.x版本存在漏洞。远程攻击者可以借助畸形(1)AVI,(2)BMP或者(3)DIB文件导致服务拒绝(应用程序崩溃)或可能执行任意代码。

- 公告与补丁

        The vendor has addressed this issue in Imlib2 1.1.2. Reportedly, this fix is available through CVS:
        http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/
        Please see the referenced advisories for more information.
        Sun Solaris 10
        
        RedHat Fedora Core2
        
        RedHat Fedora Core1
        
        Sun Solaris 10_x86
        
        Sun Solaris 9
        
        Sun Solaris 9_x86
        
        Enlightenment Imlib2 1.0.5
        

- 漏洞信息 (F34386)

dsa-547.txt (PacketStormID:F34386)
2004-09-17 00:00:00
Marcus Meissner  debian.org
advisory,overflow,arbitrary
linux,suse,debian
CVE-2004-0827
[点击下载]

Debian Security Advisory DSA 547-1 - SUSE has discovered several buffer overflows in the ImageMagick graphics library. An attacker could create a malicious image or video file in AVI, BMP, or DIB format that could crash the reading process. It might be possible that carefully crafted images could also allow to execute arbitrary code with the capabilities of the invoking process.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 547-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 16th, 2004                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : imagemagic
Vulnerability  : buffer overflows
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0827
Debian Bug     : 268357

Marcus Meissner from SUSE has discovered several buffer overflows in
the ImageMagick graphics library.  An attacker could create a
malicious image or video file in AVI, BMP, or DIB format that could
crash the reading process.  It might be possible that carefully
crafted images could also allow to execute arbitrary code with the
capabilities of the invoking process.

For the stable distribution (woody) this problem has been fixed in
version 5.4.4.5-1woody3.

For the unstable distribution (sid) this problem has been fixed in
version 6.0.6.2-1.

We recommend that you upgrade your imagemagick packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3.dsc
      Size/MD5 checksum:      852 bd30219ef391bf92ddd1d9440bb204c8
    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3.diff.gz
      Size/MD5 checksum:    15029 919a9ce109d79cbd46be07600659ad23
    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz
      Size/MD5 checksum:  3901237 f35e356b4ac1ebc58e3cffa7ea7abc07

  Alpha architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_alpha.deb
      Size/MD5 checksum:  1309670 da500b46b1267ff4d03976e308065acd
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_alpha.deb
      Size/MD5 checksum:   154074 6971608db558ff0782c3ad0ae009462c
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_alpha.deb
      Size/MD5 checksum:    56140 092caa97de894d81df0140dd2b28dae4
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_alpha.deb
      Size/MD5 checksum:   833318 10bbbd147658ead4decfda1df4e18a1d
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_alpha.deb
      Size/MD5 checksum:    67182 12ff257149eabf085a6dfce68053f402
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_alpha.deb
      Size/MD5 checksum:   113698 9f081ff178091a2e608d067790d01436

  ARM architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_arm.deb
      Size/MD5 checksum:  1296992 05fa897edf7b0d89995491f4ba449688
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_arm.deb
      Size/MD5 checksum:   118588 6f9a48ee452713a8e55ab41be4ef470c
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_arm.deb
      Size/MD5 checksum:    56186 1ad5494d3584fcc8a0a5b80b8a393c03
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_arm.deb
      Size/MD5 checksum:   898494 f07051e3c12c743335abf1a0485cf03c
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_arm.deb
      Size/MD5 checksum:    67226 fdf2758a658b2327166a757e69b47851
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_arm.deb
      Size/MD5 checksum:   109822 9b76a15b68ae88c118c589e33db86b96

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_i386.deb
      Size/MD5 checksum:  1295002 649843a11bd6e67e716a7b428a003ed7
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_i386.deb
      Size/MD5 checksum:   122680 df5253599920dcc08e930b9fb066f5ab
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_i386.deb
      Size/MD5 checksum:    56154 c88abf1babb06cbf1fb331867e07b0f7
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_i386.deb
      Size/MD5 checksum:   772402 b4af59f9a6b39ba622f7044a6c803098
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_i386.deb
      Size/MD5 checksum:    67192 93da49b34877c0d0a1cc5401d015f3ec
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_i386.deb
      Size/MD5 checksum:   106814 31e28aa6bb9018089636a765542292f4

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_ia64.deb
      Size/MD5 checksum:  1336076 83a4c1a3cb25f72329af8c1911155364
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_ia64.deb
      Size/MD5 checksum:   136966 32bcfb89db6ef6303259b89690f6b34a
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_ia64.deb
      Size/MD5 checksum:    56144 cc7a6e8c841953f5c2f28172f3339bdf
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_ia64.deb
      Size/MD5 checksum:  1359876 b859f2de467d20bc88a49d5255113518
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_ia64.deb
      Size/MD5 checksum:    67184 b1c6c79044eaee12ea665e838173e644
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_ia64.deb
      Size/MD5 checksum:   132808 64357db2d047e28efb6ecf34712f81d4

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_hppa.deb
      Size/MD5 checksum:  1297246 d91a93010d0a9b06ef2e7e7c24067eab
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_hppa.deb
      Size/MD5 checksum:   132754 d94ce1833a7622ec7cb1e87e1f7d4d1f
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_hppa.deb
      Size/MD5 checksum:    56178 227dc8a44dec7c8f5ffd7d04d007bf5a
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_hppa.deb
      Size/MD5 checksum:   859610 5e31aa4f3847a122c9b028a7e4cc53c2
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_hppa.deb
      Size/MD5 checksum:    67224 1aa9441ecd0df3be9c9c521c023235f4
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_hppa.deb
      Size/MD5 checksum:   117068 569cddc344832c2651a09302adcb4be9

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_m68k.deb
      Size/MD5 checksum:  1292374 d33d961d168fa1da3e81258593f6cad1
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_m68k.deb
      Size/MD5 checksum:   133904 818babd031d9464983228be672f3ba63
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_m68k.deb
      Size/MD5 checksum:    56194 62f0e0c37d37def3276b472748baf09c
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_m68k.deb
      Size/MD5 checksum:   751662 f15c730f9e533099c4a4fffc43b97320
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_m68k.deb
      Size/MD5 checksum:    67248 e745b4e81854b018b410351f06d4f9f5
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_m68k.deb
      Size/MD5 checksum:   107322 00fa726acbc7db8761babcf7c3f12b6c

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_mips.deb
      Size/MD5 checksum:  1294824 e1c5c5962301328b006f84d9f4552473
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_mips.deb
      Size/MD5 checksum:   120156 e8682a8b9ae6add5268a36d40c7cf60c
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_mips.deb
      Size/MD5 checksum:    56204 39898ed1a2842b4af52cecb46dc11e01
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_mips.deb
      Size/MD5 checksum:   732964 a4fb5327892e275223584dac87fd5f70
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_mips.deb
      Size/MD5 checksum:    67238 08cab47dc272d5c79268616d4cfdafc4
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_mips.deb
      Size/MD5 checksum:   103238 74db9479973dd03fa2043b86c09e6f54

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_mipsel.deb
      Size/MD5 checksum:  1294630 0567612bd39cbb9e112305e981f3dddb
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_mipsel.deb
      Size/MD5 checksum:   113644 9f02d8c68dc3a3ec3ac1a0bbefaf3cd4
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_mipsel.deb
      Size/MD5 checksum:    56188 197d278743e9a63d2965debf6307e229
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_mipsel.deb
      Size/MD5 checksum:   720946 267d45b9082758cb6d248d4835d7a906
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_mipsel.deb
      Size/MD5 checksum:    67222 9288acd5cf8e0d954a698a57490bdf9f
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_mipsel.deb
      Size/MD5 checksum:   102766 8c1f9380559702fc5763cc3591d289a6

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_powerpc.deb
      Size/MD5 checksum:  1291356 13b81750624a3251a6bf6c73a41ddffc
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_powerpc.deb
      Size/MD5 checksum:   135816 6bb64246e67de0778d6f92f126e6cedd
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_powerpc.deb
      Size/MD5 checksum:    56162 7f8990171bc17c386d1fd59f76d8d0f5
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_powerpc.deb
      Size/MD5 checksum:   785946 30216abae843bfb90a40ed0e54899648
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_powerpc.deb
      Size/MD5 checksum:    67212 a42b2482a1cabaeaba2a0464bd50d197
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_powerpc.deb
      Size/MD5 checksum:   111830 a2b06d2e30c5acb8384896d66cd6ec56

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_s390.deb
      Size/MD5 checksum:  1292026 87ad365ff0f76a959d15e6791099861e
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_s390.deb
      Size/MD5 checksum:   131922 b592d2de28c42fad73003745620ba6a6
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_s390.deb
      Size/MD5 checksum:    56168 27d05d99677a8f05814991d6c54d3125
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_s390.deb
      Size/MD5 checksum:   777904 28d8e1d90473b7fd9de7008133826106
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_s390.deb
      Size/MD5 checksum:    67210 bc6bc6951ac1845ad2c2576ba12b4144
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_s390.deb
      Size/MD5 checksum:   108872 3a9b40bd966e82e72b6083933257b108

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_sparc.deb
      Size/MD5 checksum:  1295066 75a65f7dc635c36b0e106f320fc003b9
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_sparc.deb
      Size/MD5 checksum:   123762 f1e8dd9d054f5c6720ef3a72e9292956
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_sparc.deb
      Size/MD5 checksum:    56180 aab8608e0ebb8bfb114517afb32731bf
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_sparc.deb
      Size/MD5 checksum:   802498 afed76b4789398a8844af142ded2612c
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_sparc.deb
      Size/MD5 checksum:    67216 99ac5d6fd3dabef7acec81b29a90fc9c
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_sparc.deb
      Size/MD5 checksum:   112778 b263339035dad232832a8b48dc221ed8


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBSWaXW5ql+IAeqTIRAj1ZAJ9VR7hkBDz+AmfPv+Bw2JwccVYEZACfVKIl
3Pm+0xstcyvYu2/r9aIc7wc=
=+X6V
-----END PGP SIGNATURE-----
    

- 漏洞信息

9378
ImageMagick runlength-encoded BMP Image Decoding Overflow
Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2004-08-24 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 5.5.7-28, 6.0.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站