CVE-2006-3743
CVSS 5.1
Published: 2006-08-24 21:04:00
Last revised: 2011-03-07 21:39:23

[Original] Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images.


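[CNNVD] ImageMagick XCF Image File Multiple Remote Unspecified Buffer Overflow Vulnerabilities (CNNVD-200608-408)

        Versions of ImageMagick before 6.2.9 contain multiple buffer overflow vulnerabilities; a user-assisted attacker can execute arbitrary code by means of a specially crafted XCF image file.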

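- CVSS (base score)

CVSS score: 5.1 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: HIGH [exploitation requires specific access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]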

- CPE (affected platforms and products)

cpe:/a:imagemagick:imagemagick:6.2.3  ImageMagick 6.2.3
cpe:/a:imagemagick:imagemagick:6.2.6  ImageMagick 6.2.6
cpe:/a:imagemagick:imagemagick:6.2.5  ImageMagick 6.2.5
cpe:/a:imagemagick:imagemagick:6.2.0.8  ImageMagick 6.2.0.8
cpe:/a:imagemagick:imagemagick:6.2.0.4  ImageMagick 6.2.0.4
cpe:/a:imagemagick:imagemagick:6.2.1.7  ImageMagick 6.2.1.7
cpe:/a:imagemagick:imagemagick:6.2.4.5  ImageMagick 6.2.4.5
cpe:/a:imagemagick:imagemagick:6.2.8  ImageMagick 6.2.8
cpe:/a:imagemagick:imagemagick:6.2.1  ImageMagick 6.2.1
cpe:/a:imagemagick:imagemagick:6.2.0.7  ImageMagick 6.2.0.7
cpe:/a:imagemagick:imagemagick:6.2.7  ImageMagick 6.2.7
cpe:/a:imagemagick:imagemagick:6.2.2.5  ImageMagick 6.2.2.5
cpe:/a:imagemagick:imagemagick:6.2.2  ImageMagick 6.2.2
cpe:/a:imagemagick:imagemagick:6.2.3.6  ImageMagick 6.2.3.6
cpe:/a:imagemagick:imagemagick:6.2  ImageMagick 6.2
cpe:/a:imagemagick:imagemagick:6.2.4  ImageMagick 6.2.4

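- OVAL (technical details for detection)

oval:org.mitre.oval:def:9895  Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images.
* OVAL describes in detail how to detect this vulnerability; the related OVAL definition contains further technical details for detecting it.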

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3743
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3743
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200608-408
(Official data source) CNNVD

- Other links and resources

http://www.ubuntu.com/usn/usn-340-1
(PATCH)  UBUNTU  USN-340-1
http://www.securityfocus.com/bid/19697
(PATCH)  BID  19697
http://www.redhat.com/support/errata/RHSA-2006-0633.html
(PATCH)  REDHAT  RHSA-2006:0633
http://www.osvdb.org/28205
(PATCH)  OSVDB  28205
http://www.novell.com/linux/security/advisories/2006_50_imagemagick.html
(VENDOR_ADVISORY)  SUSE  SUSE-SA:2006:050
http://www.debian.org/security/2006/dsa-1168
(VENDOR_ADVISORY)  DEBIAN  DSA-1168
http://securitytracker.com/id?1016749
(PATCH)  SECTRACK  1016749
http://secunia.com/advisories/21832
(VENDOR_ADVISORY)  SECUNIA  21832
http://secunia.com/advisories/21780
(VENDOR_ADVISORY)  SECUNIA  21780
http://secunia.com/advisories/21719
(VENDOR_ADVISORY)  SECUNIA  21719
http://secunia.com/advisories/21679
(VENDOR_ADVISORY)  SECUNIA  21679
http://secunia.com/advisories/21671
(VENDOR_ADVISORY)  SECUNIA  21671
http://secunia.com/advisories/21621
(VENDOR_ADVISORY)  SECUNIA  21621
http://secunia.com/advisories/21615
(VENDOR_ADVISORY)  SECUNIA  21615
http://bugs.gentoo.org/show_bug.cgi?id=144854
(PATCH)  MISC  http://bugs.gentoo.org/show_bug.cgi?id=144854
https://issues.rpath.com/browse/RPL-605
(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-605
http://xforce.iss.net/xforce/xfdb/28575
(UNKNOWN)  XF  imagemagick-propuserunit-bo(28575)
http://www.vupen.com/english/advisories/2006/3375
(UNKNOWN)  VUPEN  ADV-2006-3375
http://www.mandriva.com/security/advisories?name=MDKSA-2006:155
(UNKNOWN)  MANDRIVA  MDKSA-2006:155
http://security.gentoo.org/glsa/glsa-200609-14.xml
(UNKNOWN)  GENTOO  GLSA-200609-14
http://secunia.com/advisories/22096
(UNKNOWN)  SECUNIA  22096
http://secunia.com/advisories/22036
(UNKNOWN)  SECUNIA  22036
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
(UNKNOWN)  SGI  20060901-01-P

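- Vulnerability information

ImageMagick XCF Image File Multiple Remote Unspecified Buffer Overflow Vulnerabilities
Medium severity  Buffer overflow
2006-08-24 00:00:00 2006-09-19 00:00:00
Remote
        Versions of ImageMagick before 6.2.9 contain multiple buffer overflow vulnerabilities; a user-assisted attacker can execute arbitrary code by means of a specially crafted XCF image file.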

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download links:
        ImageMagick ImageMagick 6.0.6.2
        Debian imagemagick_6.0.6.2-2.7_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_alpha.deb
        Debian imagemagick_6.0.6.2-2.7_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_amd64.deb
        Debian imagemagick_6.0.6.2-2.7_arm.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_arm.deb
        Debian imagemagick_6.0.6.2-2.7_hppa.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_hppa.deb
        Debian imagemagick_6.0.6.2-2.7_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_i386.deb
        Debian imagemagick_6.0.6.2-2.7_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_ia64.deb
        Debian imagemagick_6.0.6.2-2.7_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_m68k.deb
        Debian imagemagick_6.0.6.2-2.7_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_mips.deb
        Debian imagemagick_6.0.6.2-2.7_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_mipsel.deb
        Debian imagemagick_6.0.6.2-2.7_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_powerpc.deb
        Debian imagemagick_6.0.6.2-2.7_s390.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_s390.deb
        Debian imagemagick_6.0.6.2-2.7_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_sparc.deb
        Debian libmagick++6-dev_6.0.6.2-2.7_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_alpha.deb
        Debian libmagick++6-dev_6.0.6.2-2.7_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_amd64.deb
        Debian libmagick++6-dev_6.0.6.2-2.7_arm.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_arm.deb
        Debian libmagick++6-dev_6.0.6.2-2.7_hppa.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_hppa.deb
        Debian libmagick++6-dev_6.0.6.2-2.7_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_i386.deb
        Debian libmagick++6-dev_6.0.6.2-2.7_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_ia64.deb
        Debian libmagick++6-dev_6.0.6.2-2.7_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_m68k.deb
        Debian libmagick++6-dev_6.0.6.2-2.7_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_mips.deb
        Debian libmagick++6-dev_6.0.6.2-2.7_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_mipsel.deb
        Debian libmagick++6-dev_6.0.6.2-2.7_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_powerpc.deb
        Debian libmagick++6-dev_6.0.6.2-2.7_s390.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/i/imagemagick/libm

- Vulnerability information (F49768)

Ubuntu Security Notice 340-1 (PacketStormID:F49768)
2006-09-07 00:00:00
Ubuntu  security.ubuntu.com
advisory,overflow,arbitrary
linux,ubuntu
CVE-2006-3743,CVE-2006-3744

Ubuntu Security Notice USN-340-1 - Tavis Ormandy discovered several buffer overflows in imagemagick's Sun Raster and XCF (Gimp) image decoders. By tricking a user or automated system into processing a specially crafted image, this could be exploited to execute arbitrary code with the users' privileges.

=========================================================== 
Ubuntu Security Notice USN-340-1         September 06, 2006
imagemagick vulnerabilities
CVE-2006-3743, CVE-2006-3744
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libmagick6                               6:6.0.6.2-2.1ubuntu1.4

Ubuntu 5.10:
  libmagick6                               6:6.2.3.4-1ubuntu1.3

Ubuntu 6.06 LTS:
  libmagick9                               6:6.2.4.5-0.6ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Tavis Ormandy discovered several buffer overflows in imagemagick's Sun
Raster and XCF (Gimp) image decoders. By tricking a user or automated
system into processing a specially crafted image, this could be
exploited to execute arbitrary code with the users' privileges.



- Vulnerability information (F49753)

Debian Linux Security Advisory 1168-1 (PacketStormID:F49753)
2006-09-07 00:00:00
Debian  debian.org
advisory,remote,arbitrary,vulnerability
linux,debian
CVE-2006-2440,CVE-2006-3743,CVE-2006-3744

Debian Security Advisory 1168-1 - Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation tools, which may lead to the execution of arbitrary code.


- --------------------------------------------------------------------------
Debian Security Advisory DSA 1168-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
September 4th, 2006                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : imagemagick
Vulnerability  : several
Problem-Type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2006-2440 CVE-2006-3743 CVE-2006-3744
Debian Bug     : 345595

Several remote vulnerabilities have been discovered in Imagemagick, a
collection of image manipulation tools, which may lead to the execution
of arbitrary code. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2006-2440

    Eero H    

- Vulnerability information (F49550)

Mandriva Linux Security Advisory 2006.155 (PacketStormID:F49550)
2006-08-29 00:00:00
Mandriva  mandriva.com
advisory,denial of service,overflow,arbitrary
linux,mandriva
CVE-2006-3743,CVE-2006-3744,CVE-2006-4144

Mandriva Linux Security Advisory MDKSA-2006-155 - Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun bitmap images that trigger heap-based buffer overflows. An integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large bytes_per_pixel, columns, and rows values, which trigger a heap-based buffer overflow.


 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:155
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : ImageMagick
 Date    : August 29, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted
 attackers to execute arbitrary code via crafted XCF images. (CVE-2006-3743)
 
 Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted
 attackers to execute arbitrary code via crafted Sun bitmap images that trigger
 heap-based buffer overflows. (CVE-2006-3744)
 
 Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 
 6.2.9 allows user-assisted attackers to cause a denial of service (crash) 
 and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) 
 columns, and (3) rows values, which trigger a heap-based buffer overflow. 
 (CVE-2006-4144)
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3743
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3744
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4144
 _______________________________________________________________________
 

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- Vulnerability information

28205
ImageMagick XCF Image Decoder Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability description

ImageMagick contains a flaw that may allow a stack-based and a heap-based overflow. The issue is triggered due to errors within the XCF image decoder when processing specially crafted XCF image files. It is possible that the flaw may allow remote arbitrary code execution resulting in a loss of integrity.

- Timeline

2006-08-24 Unknown
Unknown Unknown

- Solution

Upgrade to version 6.2.9-1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

ImageMagick XCF Image File Remote Unspecified Buffer Overflow Vulnerability
Boundary Condition Error 19697
Yes No
2006-08-24 12:00:00 2007-02-08 05:38:00
Tavis Ormandy discovered this vulnerability.

- Affected program versions

Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.04 powerpc
Ubuntu Ubuntu Linux 5.04 i386
Ubuntu Ubuntu Linux 5.04 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 10.0.0 x64
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux FUJI
Turbolinux Turbolinux 10 F...
Turbolinux Turbolinux 10 F...
TurboLinux Personal
TurboLinux Multimedia
Turbolinux Home
Turbolinux Appliance Server 2.0
TransSoft Broker FTP Server 8.0
SuSE SUSE Linux Enterprise Server SDK 9
SuSE SUSE Linux Enterprise SDK 10
SuSE SUSE Linux Enterprise Desktop 10
SGI Advanced Linux Environment 3.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Desktop 1.0
rPath rPath Linux 1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core6
Red Hat Fedora Core5
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Novell Linux Desktop 9
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
ImageMagick ImageMagick 6.2.9
ImageMagick ImageMagick 6.2.8
ImageMagick ImageMagick 6.2.7
ImageMagick ImageMagick 6.2.6
ImageMagick ImageMagick 6.2.5
ImageMagick ImageMagick 6.2.4.5
ImageMagick ImageMagick 6.2.4
ImageMagick ImageMagick 6.2.2
+ Gentoo Linux
ImageMagick ImageMagick 6.2.1
ImageMagick ImageMagick 6.2.0.7
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
ImageMagick ImageMagick 6.2.0.4
+ Gentoo Linux
ImageMagick ImageMagick 6.2
ImageMagick ImageMagick 6.1.8
+ Gentoo Linux
ImageMagick ImageMagick 6.1.7
ImageMagick ImageMagick 6.1.6
ImageMagick ImageMagick 6.1.5
ImageMagick ImageMagick 6.1.4
ImageMagick ImageMagick 6.1.3
ImageMagick ImageMagick 6.1.2
ImageMagick ImageMagick 6.1.1
ImageMagick ImageMagick 6.1
ImageMagick ImageMagick 6.0.8
ImageMagick ImageMagick 6.0.7
+ Red Hat Enterprise Linux AS 4
+ RedHat Desktop 4.0
+ RedHat Enterprise Linux Desktop version 4
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux WS 4
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
ImageMagick ImageMagick 6.0.6
+ Ubuntu Ubuntu Linux 5.04 powerpc
+ Ubuntu Ubuntu Linux 5.04 i386
+ Ubuntu Ubuntu Linux 5.04 amd64
ImageMagick ImageMagick 6.0.5
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
ImageMagick ImageMagick 6.0.4
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
ImageMagick ImageMagick 6.0.3
ImageMagick ImageMagick 6.0.2.5
ImageMagick ImageMagick 6.0.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
ImageMagick ImageMagick 6.0.1
ImageMagick ImageMagick 6.0
ImageMagick ImageMagick 5.5.7
ImageMagick ImageMagick 5.5.6.0-20030409
+ OpenPKG OpenPKG Current
ImageMagick ImageMagick 5.5.6.0-20030409
ImageMagick ImageMagick 5.5.6
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
ImageMagick ImageMagick 5.5.4
+ S.u.S.E. Linux Personal 8.2
ImageMagick ImageMagick 5.5.3.2-1.2.0
ImageMagick ImageMagick 5.4.8.2-1.1.0
ImageMagick ImageMagick 5.4.8
ImageMagick ImageMagick 5.4.7
+ Turbolinux Turbolinux Server 8.0
ImageMagick ImageMagick 5.4.4.5
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
ImageMagick ImageMagick 5.4.3
ImageMagick ImageMagick 5.3.8
ImageMagick ImageMagick 5.3.3
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 7.0
ImageMagick ImageMagick 6.2.4.3
ImageMagick ImageMagick 6.2.3.4
ImageMagick ImageMagick 6.0.6.2
+ Ubuntu Ubuntu Linux 5.04 powerpc
+ Ubuntu Ubuntu Linux 5.04 i386
+ Ubuntu Ubuntu Linux 5.04 amd64
ImageMagick ImageMagick 6.0.4.4
ImageMagick ImageMagick 5.4.2.3
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
ImageMagick ImageMagick 6.2.9.2

- Unaffected Versions

ImageMagick ImageMagick 6.2.9.2

- Discussion

ImageMagick is prone to an unspecified remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This issue allows attackers to execute arbitrary machine code in the context of applications that use the ImageMagick library.

This BID will be updated as further information is disclosed.

Versions of ImageMagick prior to 6.2.9-2 are vulnerable to this issue.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

The vendor has released version 6.2.9-2 to address this issue. Please contact the vendor for information on obtaining and applying fixes.

Please see the references for more information.


ImageMagick ImageMagick 6.0.6.2

ImageMagick ImageMagick 6.0.7

ImageMagick ImageMagick 6.1.8

ImageMagick ImageMagick 6.2.4.5

ImageMagick ImageMagick 6.2.5

- References

 

 
