SUSE-SA:2005:017: ImageMagick

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a vendor-supplied security patch

Description :

The remote host is missing the patch for the advisory SUSE-SA:2005:017 (ImageMagick).


This update fixes several security issues in the ImageMagick program suite:

- A format string vulnerability was found in the display program
which could lead to a remote attacker being to able to execute code
as the user running display by providing handcrafted filenames of
images. This is tracked by the Mitre CVE ID CVE-2005-0397.

Andrei Nigmatulin reported 4 problems in older versions of ImageMagick:

- A bug was found in the way ImageMagick handles TIFF tags.
It is possible that a TIFF image file with an invalid tag could
cause ImageMagick to crash.
This is tracked by the Mitre CVE ID CVE-2005-0759.

Only ImageMagick version before version 6 are affected.

- A bug was found in ImageMagick's TIFF decoder.
It is possible that a specially crafted TIFF image file could
cause ImageMagick to crash.
This is tracked by the Mitre CVE ID CVE-2005-0760.

Only ImageMagick version before version 6 are affected.

- A bug was found in the way ImageMagick parses PSD files.
It is possible that a specially crafted PSD file could cause
ImageMagick to crash.
This is tracked by the Mitre CVE ID CVE-2005-0761.

Only ImageMagick version before version 6.1.8 are affected.

- A heap overflow bug was found in ImageMagick's SGI parser.
It is possible that an attacker could execute arbitrary code
by tricking a user into opening a specially crafted SGI image
file.
This is tracked by the Mitre CVE ID CVE-2005-0762.

Only ImageMagick version before version 6 are affected.

Solution :

http://www.suse.de/security/advisories/2005_17_imagemagick.html

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 17606 ()

Bugtraq ID:

CVE ID: CVE-2005-0397
CVE-2005-0759
CVE-2005-0760
CVE-2005-0761
CVE-2005-0762

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now