FreeBSD : ImageMagick -- format string vulnerability (713c3913-8c2b-11d9-b58c-0001020eed82)

High Nessus Plugin ID 18980


The remote FreeBSD host is missing one or more security-related updates.


Tavis Ormandy reports :

magemagick-6.2.0-3 fixes an potential issue handling malformed filenames, the flaw may affect webapps or scripts that use the imagemagick utilities for image processing, or applications linked with libMagick.

This vulnerability could crash ImageMagick or potentially lead to the execution of arbitrary code with the permissions of the user running ImageMagick.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 18980

File Name: freebsd_pkg_713c39138c2b11d9b58c0001020eed82.nasl

Version: $Revision: 1.12 $

Type: local

Published: 2005/07/13

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ImageMagick, p-cpe:/a:freebsd:freebsd:ImageMagick-nox11, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2005/03/03

Vulnerability Publication Date: 2005/03/02

Reference Information

CVE: CVE-2005-0397