Ein Gedanke zu „ImageMagick v6 Examples — Canvas Creation“

  1. Package : imagemagick
    Vulnerability : multiple
    Problem type : local(remote)
    Debian-specific: no
    CVE Id(s) : CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986
    CVE-2007-4987 CVE-2007-4988 CVE-2008-1096 CVE-2008-1097
    CVE-2009-1882
    Debian Bug : 418057 412945 444267 530838

    Several vulnerabilities have been discovered in the imagemagick image
    manipulation programs which can lead to the execution of arbitrary code,
    exposure of sensitive information or cause DoS. The Common Vulnerabilities
    and Exposures project identifies the following problems:

    CVE-2007-1667

    Multiple integer overflows in XInitImage function in xwd.c for
    ImageMagick, allow user-assisted remote attackers to cause a denial of
    service (crash) or obtain sensitive information via crafted images with
    large or negative values that trigger a buffer overflow. It only affects
    the oldstable distribution (etch).

    CVE-2007-1797

    Multiple integer overflows allow remote attackers to execute arbitrary
    code via a crafted DCM image, or the colors or comments field in a
    crafted XWD image. It only affects the oldstable distribution (etch).

    CVE-2007-4985

    A crafted image file can trigger an infinite loop in the ReadDCMImage
    function or in the ReadXCFImage function. It only affects the oldstable
    distribution (etch).

    CVE-2007-4986

    Multiple integer overflows allow context-dependent attackers to execute
    arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file,
    which triggers a heap-based buffer overflow. It only affects the
    oldstable distribution (etch).

    CVE-2007-4987

    Off-by-one error allows context-dependent attackers to execute arbitrary
    code via a crafted image file, which triggers the writing of a ”
    character to an out-of-bounds address. It affects only the oldstable
    distribution (etch).

    CVE-2007-4988

    A sign extension error allows context-dependent attackers to execute
    arbitrary code via a crafted width value in an image file, which
    triggers an integer overflow and a heap-based buffer overflow. It
    affects only the oldstable distribution (etch).

    CVE-2008-1096

    The load_tile function in the XCF coder allows user-assisted remote
    attackers to cause a denial of service or possibly execute arbitrary
    code via a crafted .xcf file that triggers an out-of-bounds heap write.
    It affects only to oldstable (etch).

    CVE-2008-1097

    Heap-based buffer overflow in the PCX coder allows user-assisted remote
    attackers to cause a denial of service or possibly execute arbitrary
    code via a crafted .pcx file that triggers incorrect memory allocation
    for the scanline array, leading to memory corruption. It affects only to
    oldstable (etch).

    CVE-2009-1882

    Integer overflow allows remote attackers to cause a denial of service
    (crash) and possibly execute arbitrary code via a crafted TIFF file,
    which triggers a buffer overflow.

    For the old stable distribution (etch), these problems have been fixed in
    version 7:6.2.4.5.dfsg1-0.15+etch1.

    For the stable distribution (lenny), these problems have been fixed in
    version 7:6.3.7.9.dfsg2-1~lenny3.

    For the upcoming stable distribution (squeeze) and the unstable
    distribution (sid), these problems have been fixed in version
    7:6.5.1.0-1.1.

    We recommend that you upgrade your imagemagick packages.

    Upgrade instructions
    – ——————–

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.

    Debian GNU/Linux 4.0 alias etch
    – ——————————-

    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

    Source archives:

    https://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1.tar.gz
    Size/MD5 checksum: 5202678 cbb51d6956c6dd68f7dfaa068d0b416b
    https://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1.dsc
    Size/MD5 checksum: 958 6c8ffe1f0d0efab6652070aabd8fab8d

    amd64 architecture (AMD x86_64 (AMD64))

    https://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_amd64.deb
    Size/MD5 checksum: 744738 78e3cfa4a31075f823bc28403f5d67c5
    https://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_amd64.deb
    Size/MD5 checksum: 248658 6bb3f532d90ed4cdd7ca59d9cebfe701
    https://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_amd64.deb
    Size/MD5 checksum: 172718 600e69985df7aef9e5fd776fdfc3b738
    https://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_amd64.deb
    Size/MD5 checksum: 1676998 c713077e98f9176de77ce5c58f00d2bc
    https://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_amd64.deb
    Size/MD5 checksum: 1324236 ce92217fb065842e2ab9a7f3ac970e55
    https://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_amd64.deb
    Size/MD5 checksum: 173408 98e699079a51b04a90c3f40792b9be80

    Antworten

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert