FreeBSD : ImageMagick -- SGI Image File heap overflow vulnerability (18e3a5be-81f9-11db-95a2-0012f06707f0)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

SecurityFocus reports about ImageMagick :

ImageMagick is prone to a remote heap-based buffer-overflow
vulnerability because the application fails to properly bounds-check
user-supplied input before copying it to an insufficiently sized
memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine
code in the context of applications that use the ImageMagick library.

See also :

http://www.securityfocus.com/bid/21185/discuss
http://www.nessus.org/u?1debc52c

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 23758 (freebsd_pkg_18e3a5be81f911db95a20012f06707f0.nasl)

Bugtraq ID: 21185

CVE ID: CVE-2006-5868

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now