SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 2048)

This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

Several security problems have been fixed in ImageMagick :

- Several heap buffer overflow were found in the Sun
Bitmap decoder of ImageMagick by an audit by the Google
Security Team. This problem could be exploited by an
attacker to execute code. (CVE-2006-3744)

- Multiple buffer overflows were found in the XCF plugin
due to incorrect bounds checking by the Google Security
Team. This problem could be exploited by an attacker to
execute code. (CVE-2006-3743)

- A integer overflow in the ReadSGIImage function can be
used by attackers to potentially execute code.
(CVE-2006-4144)

- An infinite loop in ImageMagick caused by TransformHSB
was fixed.

- An infinite loop in handling of TIFF images was fixed.

See also :

http://support.novell.com/security/cve/CVE-2006-3743.html
http://support.novell.com/security/cve/CVE-2006-3744.html
http://support.novell.com/security/cve/CVE-2006-4144.html

Solution :

Apply ZYPP patch number 2048.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 29347 ()

Bugtraq ID:

CVE ID: CVE-2006-3743
CVE-2006-3744
CVE-2006-4144

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now