This script is (C) 2007-2011 Tenable Network Security, Inc.
Synopsis :
The remote FreeBSD host is missing one or more security-related
updates.
Description :
Multiple vulnerabilities have been discovered in ImageMagick.
ImageMagick before 6.3.5-9 allows context-dependent attackers to cause
a denial of service via a crafted image file that triggers (1) an
infinite loop in the ReadDCMImage function, related to ReadBlobByte
function calls, or (2) an infinite loop in the ReadXCFImage function,
related to ReadBlobMSBLong function calls.
Multiple integer overflows in ImageMagick before 6.3.5-9 allow
context-dependent attackers to execute arbitrary code via a crafted
(1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which
triggers a heap-based buffer overflow.
Off-by-one error in the ReadBlobString function in blob.c in
ImageMagick before 6.3.5-9 allows context-dependent attackers to
execute arbitrary code via a crafted image file, which triggers the
writing of a '\0' character to an out-of-bounds address.
Sign extension error in the ReadDIBImage function in ImageMagick
before 6.3.5-9 allows context-dependent attackers to execute arbitrary
code via a crafted width value in an image file, which triggers an
integer overflow and a heap-based buffer overflow.
See also :
http://www.nessus.org/u?5a73507c
http://www.nessus.org/u?8a4d35ff
Solution :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Family: FreeBSD Local Security Checks
Nessus Plugin ID: 26978 (freebsd_pkg_f5b29ec071f911dc8c6a00304881ac9a.nasl)
CVE ID: CVE-2007-4985
CVE-2007-4986
CVE-2007-4987
CVE-2007-4988