Package : imagemagick Vulnerability : several Problem-Type : local (remote) Debian-specific: no CVE IDs : CAN-2005-0397 CAN-2005-0759 CAN-2005-0760 CAN-2005-0762 BugTraq ID : 12875 Debian Bug : 297990
Several vulnerabilities have been discovered in ImageMagick, a commonly used image manipulation library. These problems can be exploited by a carefully crafted graphic image. The Common Vulnerabilities and Exposures project identifies the following problems:
Tavis Ormandy discovered a format string vulnerability in the filename handling code which allows a remote attacker to cause a denial of service and possibly execute arbitrary code.
Andrei Nigmatulin discovered a denial of service condition which can be caused by an invalid tag in a TIFF image.
Andrei Nigmatulin discovered that the TIFF decoder is vulnerable to accessing memory out of bounds which will result in a segmentation fault.
Andrei Nigmatulin discovered a buffer overflow in the SGI parser which allows a remote attacker to execute arbitrary code via a specially crafted SGI image file.
For the stable distribution (woody) these problems have been fixed in version 184.108.40.206-1woody6.
For the unstable distribution (sid) these problems have been fixed in version 220.127.116.11-2.2.
We recommend that you upgrade your imagemagick package.
Upgrade Instructions ---------------------
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody ---------------------------------