RHEL 2.1 : ImageMagick (RHSA-2004:494)

High Nessus Plugin ID 15537


The remote Red Hat host is missing one or more security updates.


Updated ImageMagick packages that fix various security vulnerabilities are now available.

ImageMagick(TM) is an image display and manipulation tool for the X Window System.

A heap overflow flaw was discovered in the ImageMagick image handler.
An attacker could create a carefully crafted BMP file in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0827 to this issue.

A temporary file handling bug has been found in ImageMagick's libmagick library. A local user could overwrite or create files as a different user if a program was linked with the vulnerable library.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0455 to this issue.

Users of ImageMagick should upgrade to these updated packages, which contain a backported patch, and is not vulnerable to this issue.


Update the affected packages.

See Also




Plugin Details

Severity: High

ID: 15537

File Name: redhat-RHSA-2004-494.nasl

Version: $Revision: 1.18 $

Type: local

Agent: unix

Published: 2004/10/21

Modified: 2016/12/28

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:ImageMagick, p-cpe:/a:redhat:enterprise_linux:ImageMagick-c++, p-cpe:/a:redhat:enterprise_linux:ImageMagick-c++-devel, p-cpe:/a:redhat:enterprise_linux:ImageMagick-devel, p-cpe:/a:redhat:enterprise_linux:ImageMagick-perl, cpe:/o:redhat:enterprise_linux:2.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2004/10/20

Reference Information

CVE: CVE-2003-0455, CVE-2004-0827

RHSA: 2004:494