Mandriva Linux Security Advisory : ImageMagick (MDVSA-2008:099)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

A heap-based buffer overflow vulnerability was found in how
ImageMagick parsed XCF files. If ImageMagick opened a specially
crafted XCF file, it could be made to overwrite heap memory beyond the
bounds of its allocated memory, potentially allowing an attacker to
execute arbitrary code on the system running ImageMagick
(CVE-2008-1096).

Another heap-based buffer overflow vulnerability was found in how
ImageMagick processed certain malformed PCX images. If ImageMagick
opened a specially crafted PCX image file, an attacker could possibly
execute arbitrary code on the system running ImageMagick
(CVE-2008-1097).

The updated packages have been patched to correct these issues.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 37739 (mandriva_MDVSA-2008-099.nasl)

Bugtraq ID: 28821, 28822

CVE ID: CVE-2008-1096, CVE-2008-1097
