Mandrake Linux Security Advisory : ImageMagick (MDKSA-2006:155)
High Nessus Plugin ID 23899
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. (CVE-2006-3743)
Multiple integer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted Sun bitmap images that trigger heap-based buffer overflows.
Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow. (CVE-2006-4144)
The updated packages have been patched to correct these issues.
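The integer-overflow class described above, as an added defensive example (not ImageMagick's code and not the vendor patch): a buffer size computed from three header fields wraps in 32-bit arithmetic unless each multiplication is checked. The struct, function names and the 256 MiB cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header fields, named after the values the advisory lists. */
struct img_dims { uint32_t bytes_per_pixel, columns, rows; };

/* Store a*b in *out; return -1 instead of letting the product wrap. */
static int mul_checked(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* Unchecked pattern: the product wraps modulo 2^32, so a huge image can
 * yield a tiny allocation size that later row writes run past. */
uint32_t pixel_bytes_unchecked(const struct img_dims *d)
{
    return d->bytes_per_pixel * d->columns * d->rows;
}

/* Checked pattern: reject zero fields, wrapping products, and anything
 * above a caller-chosen ceiling, before any allocation happens. */
int pixel_bytes_checked(const struct img_dims *d, size_t max_bytes, size_t *out)
{
    size_t n;
    if (d->bytes_per_pixel == 0 || d->columns == 0 || d->rows == 0)
        return -1;
    if (mul_checked(d->bytes_per_pixel, d->columns, &n) != 0 ||
        mul_checked(n, d->rows, &n) != 0)
        return -1;
    if (n > max_bytes)
        return -1;
    *out = n;
    return 0;
}

int main(void)
{
    /* Constructed sample values: 2 * 65536 * 32768 == 2^32. */
    struct img_dims bad = { 2, 65536, 32768 };
    size_t n = 0;
    printf("unchecked size: %u\n", (unsigned)pixel_bytes_unchecked(&bad));
    printf("checked result: %d\n",
           pixel_bytes_checked(&bad, (size_t)256 << 20, &n));
    return 0;
}
```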
Solution
Update the affected packages.