CVE-2006-0082
CVSS5.1
发布时间 :2006-01-04 18:03:00
修订时间 :2011-03-07 00:00:00
NMCOP    

[原文]Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.


[CNNVD]ImageMagick文件名处理远程格式化字符串漏洞(CNNVD-200601-018)

        ImageMagick 6.2.3和其他版本以及GraphicsMagick中的image.c的SetImageInfo函数中的格式化字符串漏洞,可让需要用户协助的攻击者通过文件名中的数值格式化字符串说明符(如%d)使系统拒绝服务(崩溃),并可能执行任意代码。

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-134 []

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10717Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows use...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0082
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200601-018
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/12717
(PATCH)  BID  12717
http://www.gentoo.org/security/en/glsa/glsa-200602-13.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200602-13.xml
http://www.gentoo.org/security/en/glsa/glsa-200602-06.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200602-06
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.341682
(PATCH)  SLACKWARE  SSA:2006-045-03
http://secunia.com/advisories/19183
(VENDOR_ADVISORY)  SECUNIA  19183
http://secunia.com/advisories/19030
(VENDOR_ADVISORY)  SECUNIA  19030
http://secunia.com/advisories/18851
(VENDOR_ADVISORY)  SECUNIA  18851
http://secunia.com/advisories/18607
(VENDOR_ADVISORY)  SECUNIA  18607
ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc
(PATCH)  SGI  20060301-01-U
https://issues.rpath.com/browse/RPL-389
(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-389
http://www.vupen.com/english/advisories/2008/0412
(VENDOR_ADVISORY)  VUPEN  ADV-2008-0412
http://www.ubuntu.com/usn/usn-246-1
(UNKNOWN)  UBUNTU  USN-246-1
http://www.securityfocus.com/archive/1/archive/1/452718/100/100/threaded
(UNKNOWN)  BUGTRAQ  20061127 rPSA-2006-0218-1 ImageMagick
http://www.novell.com/linux/security/advisories/2006_06_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2006:006
http://www.mandriva.com/security/advisories?name=MDKSA-2006:024
(UNKNOWN)  MANDRIVA  MDKSA-2006:024
http://www.debian.org/security/2006/dsa-1213
(UNKNOWN)  DEBIAN  DSA-1213
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231321-1
(UNKNOWN)  SUNALERT  231321
http://securitytracker.com/id?1015623
(UNKNOWN)  SECTRACK  1015623
http://securityreason.com/securityalert/500
(UNKNOWN)  SREASON  500
http://secunia.com/advisories/28800
(VENDOR_ADVISORY)  SECUNIA  28800
http://secunia.com/advisories/23090
(VENDOR_ADVISORY)  SECUNIA  23090
http://secunia.com/advisories/22998
(VENDOR_ADVISORY)  SECUNIA  22998
http://secunia.com/advisories/19408
(VENDOR_ADVISORY)  SECUNIA  19408
http://secunia.com/advisories/18871
(VENDOR_ADVISORY)  SECUNIA  18871
http://secunia.com/advisories/18261
(VENDOR_ADVISORY)  SECUNIA  18261
http://rhn.redhat.com/errata/RHSA-2006-0178.html
(UNKNOWN)  REDHAT  RHSA-2006:0178
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876
(VENDOR_ADVISORY)  CONFIRM  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876

- 漏洞信息

ImageMagick文件名处理远程格式化字符串漏洞
中危 格式化字符串
2006-01-04 00:00:00 2006-08-28 00:00:00
远程  
        ImageMagick 6.2.3和其他版本以及GraphicsMagick中的image.c的SetImageInfo函数中的格式化字符串漏洞,可让需要用户协助的攻击者通过文件名中的数值格式化字符串说明符(如%d)使系统拒绝服务(崩溃),并可能执行任意代码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Sun Solaris 10
        Sun 136882-01
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -136882-01-1
        RedHat Fedora Core2
        Fedora ImageMagick-6.2.0.7-2.fc2.4.legacy.i386.rpm
        RedHat Fedora Core 2
        http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-6.2 .0.7-2.fc2.4.legacy.i386.rpm
        Fedora ImageMagick-c++-6.2.0.7-2.fc2.4.legacy.i386.rpm
        RedHat Fedora Core 2
        http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-c++ -6.2.0.7-2.fc2.4.legacy.i386.rpm
        Fedora ImageMagick-c++-devel-6.2.0.7-2.fc2.4.legacy.i386.rpm
        RedHat Fedora Core 2
        http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-c++ -devel-6.2.0.7-2.fc2.4.legacy.i386.rpm
        Fedora ImageMagick-devel-6.2.0.7-2.fc2.4.legacy.i386.rpm
        RedHat Fedora Core 2
        http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-dev el-6.2.0.7-2.fc2.4.legacy.i386.rpm
        Fedora ImageMagick-perl-6.2.0.7-2.fc2.4.legacy.i386.rpm
        RedHat Fedora Core 2
        http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-per l-6.2.0.7-2.fc2.4.legacy.i386.rpm
        RedHat Fedora Core1
        Fedora ImageMagick-5.5.6-13.legacy.i386.rpm
        RedHat Fedora Core 1
        http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-5.5 .6-13.legacy.i386.rpm
        Fedora ImageMagick-c++-5.5.6-13.legacy.i386.rpm
        RedHat Fedora Core 1
        http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-c++ -5.5.6-13.legacy.i386.rpm
        Fedora ImageMagick-c++-devel-5.5.6-13.legacy.i386.rpm
        RedHat Fedora Core 1
        http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-c++ -devel-5.5.6-13.legacy.i386.rpm
        Fedora ImageMagick-devel-5.5.6-13.legacy.i386.rpm
        RedHat Fedora Core 1
        http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-dev el-5.5.6-13.legacy.i386.rpm
        Fedora ImageMagick-perl-5.5.6-13.legacy.i386.rpm
        RedHat Fedora Core 1
        http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-per l-5.5.6-13.legacy.i386.rpm
        Sun Solaris 10_x86
        Sun 136883-01
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -136883-01-1
        ImageMagick ImageMagick 5.4.4 .5
        Debian imagemagick_5.4.4.5-1woody6_alpha.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody6_alpha.deb
        Debian imagemagick_5.4.4.5-1woody6_arm.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody6_arm.deb
        Debian imagemagick_5.4.4.5-1woody6_hppa.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody6_hppa.deb
        Debian imagemagick_5.4.4.5-1woody6_i386.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody6_i386.deb
        Debian imagemagick_5.4.4.5-1woody6_ia64.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody6_ia64.deb
        Debian imagemagick_5.4.4.5-1woody6_m68k.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody6_m68k.deb
        Debian imagemagick_5.4.4.5-1woody6_mips.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody6_mips.deb
        Debian imagemagick_5.4.4.5-1woody6_mipsel.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody6_mipsel.deb
        Debian imagemagick_5.4.4.5-1woody6_powerpc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody6_powerpc.deb
        Debian imagemagick_5.4.4.5-1woody6_s390.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody6_s390.deb
        Debian imagemagick_5.4.4.5-1woody6_sparc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody6_sparc.deb
        Debia

- 漏洞信息 (F52336)

Debian Linux Security Advisory 1213-1 (PacketStormID:F52336)
2006-11-20 00:00:00
Debian  debian.org
advisory,remote,arbitrary,vulnerability
linux,debian
CVE-2006-0082,CVE-2006-4144,CVE-2006-5456,CVE-2006-5868
[点击下载]

Debian Security Advisory 1213-1 - Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation programs, which may lead to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1213-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
November 19th, 2006                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : imagemagick
Vulnerability  : several
Problem-Type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2006-0082 CVE-2006-4144 CVE-2006-5456 CVE-2006-5868
Debian Bug     : 345876 383314 393025

Several remote vulnerabilities have been discovered in Imagemagick,
a collection of image manipulation programs, which may lead to the
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2006-0082

    Daniel Kobras discovered that Imagemagick is vulnerable to format
    string attacks in the filename parsing code.

CVE-2006-4144

    Damian Put discovered that Imagemagick is vulnerable to buffer
    overflows in the module for SGI images.

CVE-2006-5456

    M Joonas Pihlaja discovered that Imagemagick is vulnerable to buffer
    overflows in the module for DCM and PALM images.

CVE-2006-5868

    Daniel Kobras discovered that Imagemagick is vulnerable to buffer
    overflows in the module for SGI images.

This update also adresses regressions in the XCF codec, which were
introduced in the previous security update.

For the stable distribution (sarge) these problems have been fixed in
version 6:6.0.6.2-2.8.

For the upcoming stable distribution (etch) these problems have been
fixed in version 7:6.2.4.5.dfsg1-0.11.

For the unstable distribution (sid) these problems have been fixed in
version 7:6.2.4.5.dfsg1-0.11.

We recommend that you upgrade your imagemagick packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8.dsc
      Size/MD5 checksum:      881 0f3c7174962dcaf0be7b3027312d3438
    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8.diff.gz
      Size/MD5 checksum:   142001 c2be91d527c1714ee0ece93b090792c7
    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2.orig.tar.gz
      Size/MD5 checksum:  6824001 477a361ba0154cc2423726fab4a3f57c

  Alpha architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_alpha.deb
      Size/MD5 checksum:  1469720 b311ede0075f36157e9c9c244a382cb6
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_alpha.deb
      Size/MD5 checksum:   173974 34306082902f34914d4d0823f0e153c8
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_alpha.deb
      Size/MD5 checksum:   288800 fa2b7d2ad5708e66fbc5c14f830bace0
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_alpha.deb
      Size/MD5 checksum:  1285588 cabe582c14962459c8bc8dffc7d3a516
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_alpha.deb
      Size/MD5 checksum:  2204442 080e9f6d25c7b1f1df10dd1828f85273
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_alpha.deb
      Size/MD5 checksum:   143902 98099204464269c5386244cb1fee775f

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_amd64.deb
      Size/MD5 checksum:  1466352 d50a197f3c3f0e15f1530d56177a1c72
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_amd64.deb
      Size/MD5 checksum:   163602 642d806539f42d3bd3645edb021bae16
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_amd64.deb
      Size/MD5 checksum:   228744 9b7c462060e0769f1561da5dcfb32dee
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_amd64.deb
      Size/MD5 checksum:  1194980 51182a82a05f1f47c435f246a21469ad
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_amd64.deb
      Size/MD5 checksum:  1550348 43d9d80bd42b3dc6f6d611a997a17c2e
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_amd64.deb
      Size/MD5 checksum:   231800 6375c61e8edc60fa928665cf45ec011c

  ARM architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_arm.deb
      Size/MD5 checksum:  1466148 a0c6fcb562afa6d5f8736beda4dade43
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_arm.deb
      Size/MD5 checksum:   149342 9a184c8f6d3d204748ed30a1c57dbd1f
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_arm.deb
      Size/MD5 checksum:   234806 0d4865aaf1dd850604ce9b728e65def6
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_arm.deb
      Size/MD5 checksum:  1204646 02fbc1c7b8b98d1977e4861211f1255a
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_arm.deb
      Size/MD5 checksum:  1647698 cef197d1c2ce919413ab12bd1b99187a
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_arm.deb
      Size/MD5 checksum:   230484 5b5dbe487dc580a5f164cf862552ab4d

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_hppa.deb
      Size/MD5 checksum:  1468290 329777db0d2b061398268f9fd8d6a7a7
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_hppa.deb
      Size/MD5 checksum:   182170 e190aad821d4e96ba2b84fc4d3b49da8
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_hppa.deb
      Size/MD5 checksum:   273890 434201d0f53175e739ce45addbe2ce01
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_hppa.deb
      Size/MD5 checksum:  1404728 cfe2739dac2b84497a00f92b5c4b36ad
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_hppa.deb
      Size/MD5 checksum:  1827810 14e7e2febd80f1551cfa9b035ed9222c
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_hppa.deb
      Size/MD5 checksum:   243804 e4bfc17d51547976f7f4db09f6cc6997

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_i386.deb
      Size/MD5 checksum:  1466106 0ee2e904990dbcbeee0b90c2fa95ac62
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_i386.deb
      Size/MD5 checksum:   164440 708d64c7a92419a98e7d305089b1b0c4
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_i386.deb
      Size/MD5 checksum:   208932 eed51be1f03a91e624194e9dea211ff2
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_i386.deb
      Size/MD5 checksum:  1172262 22f32c18dc71c7b24eff16f1fec1c243
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_i386.deb
      Size/MD5 checksum:  1507516 ea9e1148fa72e6be94462a46d30304b0
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_i386.deb
      Size/MD5 checksum:   233964 e47cbf76b993c0eb44adcf85e125d75c

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_ia64.deb
      Size/MD5 checksum:  1468472 6b31e556cf944fe2d89ad8d2c09cc43a
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_ia64.deb
      Size/MD5 checksum:   188272 7bf4012fe64aa60c8aac88b263b620c4
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_ia64.deb
      Size/MD5 checksum:   295958 dcf1b145b868414bd2357d21ace70fb2
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_ia64.deb
      Size/MD5 checksum:  1605554 7ab0f7944f25bbaca6266e3bce816132
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_ia64.deb
      Size/MD5 checksum:  2132552 7324f4a81b5496cc7c9182ae2bb082fb
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_ia64.deb
      Size/MD5 checksum:   273506 fa943563a08e04b06c0632afe7f4bc92

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_m68k.deb
      Size/MD5 checksum:  1466154 1f5c2b36763032352c2b45144517a5b8
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_m68k.deb
      Size/MD5 checksum:   159998 624ebcd80f960f7227095411cbdfb90c
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_m68k.deb
      Size/MD5 checksum:   210680 91b3bafec7f54823cb2720966fcc4825
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_m68k.deb
      Size/MD5 checksum:  1073256 b7f77626db0631d990422a3cae43f517
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_m68k.deb
      Size/MD5 checksum:  1288834 fd7af651e4d2d5124b45228d30dc6737
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_m68k.deb
      Size/MD5 checksum:   226942 f097f5c845a1159029271cba7112141f

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_mips.deb
      Size/MD5 checksum:  1490232 6aff49b4b30fc146abde3fcbefe85d5f
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_mips.deb
      Size/MD5 checksum:   155500 416074125be015d5c49a90ac032c5182
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_mips.deb
      Size/MD5 checksum:   254800 b8f762578afa79b0210dec43547917a4
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_mips.deb
      Size/MD5 checksum:  1119320 6c778533f22c4f7e7c1dd268b5b59c3a
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_mips.deb
      Size/MD5 checksum:  1704446 6855a0354042ab9b283bc3966f4f665f
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_mips.deb
      Size/MD5 checksum:   131304 74185bb1115a3bcd50085df4fac2e50f

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_mipsel.deb
      Size/MD5 checksum:  1490202 bd3a8c344eb9927d656543c20d784f38
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_mipsel.deb
      Size/MD5 checksum:   151598 d903083280a2428e35516444c93c7d03
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_mipsel.deb
      Size/MD5 checksum:   250056 7c7c6a65f433eee855e775b2e4eafcf3
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_mipsel.deb
      Size/MD5 checksum:  1114750 13012fdd898b1aa77267f90b73563e50
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_mipsel.deb
      Size/MD5 checksum:  1667906 1aeb160d222b005e4103c715d964b0db
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_mipsel.deb
      Size/MD5 checksum:   130912 84b347ac516de3a89060c2e010a63cf0

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_powerpc.deb
      Size/MD5 checksum:  1471774 5e218bb6d5e36cf50c80ebbf77a56abe
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_powerpc.deb
      Size/MD5 checksum:   156748 4564f4918218c6e6c60fe587fd25d118
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_powerpc.deb
      Size/MD5 checksum:   227722 5eba56a195be2aca1354fce454293a9f
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_powerpc.deb
      Size/MD5 checksum:  1169510 92e5f7ca8fdf727e3a88a48262219c8e
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_powerpc.deb
      Size/MD5 checksum:  1684852 dc528d0a8080493c028bfca9665dcca3
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_powerpc.deb
      Size/MD5 checksum:   270502 cc408c569b2ce9d03576b4bd9bcb0cb0

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_s390.deb
      Size/MD5 checksum:  1467494 d1a9308491175f690a73f720caa7532b
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_s390.deb
      Size/MD5 checksum:   180486 6693ec2651a6f959a7f3f08efbeeea6f
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_s390.deb
      Size/MD5 checksum:   230182 93a55b0f22a8339b13e2816a970ca102
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_s390.deb
      Size/MD5 checksum:  1194334 e93c9333e1adc98bb7b99e6d2904d995
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_s390.deb
      Size/MD5 checksum:  1530886 db33e6bb01f6d927c02053f0cdd4bf89
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_s390.deb
      Size/MD5 checksum:   242114 51baccefbc53499f3514911521d76c76

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_sparc.deb
      Size/MD5 checksum:  1465694 d77c64a8e1c40678070a79011abcb8a5
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_sparc.deb
      Size/MD5 checksum:   161036 dadfff14cc51b0fb9561bf6469b61a3e
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_sparc.deb
      Size/MD5 checksum:   224332 c8ebb9dbff86871dc12e3d5ae275bc12
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_sparc.deb
      Size/MD5 checksum:  1249156 461cd22009434968fd4011481ce01044
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_sparc.deb
      Size/MD5 checksum:  1684366 00b473e9bf9e417a4f0bcff753ed727b
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_sparc.deb
      Size/MD5 checksum:   230898 020b71df283f6391f3a15415be45a375


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFYFEwXm3vHE4uyloRArXzAJ0YznPidHhiaFobF4vjb/1lmUUxLwCcDFt9
UuEPCaiPwXcaFELt0v+3GWA=
=Gh4l
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息

22671
ImageMagick File Name Handling Numeric Format String
Local / Remote, Context Dependent Input Manipulation
Loss of Integrity
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-01-04 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站