SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 2048)
Medium Nessus Plugin ID 29347
SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionSeveral security problems have been fixed in ImageMagick :
- Several heap buffer overflow were found in the Sun Bitmap decoder of ImageMagick by an audit by the Google Security Team. This problem could be exploited by an attacker to execute code. (CVE-2006-3744)
- Multiple buffer overflows were found in the XCF plugin due to incorrect bounds checking by the Google Security Team. This problem could be exploited by an attacker to execute code. (CVE-2006-3743)
- A integer overflow in the ReadSGIImage function can be used by attackers to potentially execute code.
- An infinite loop in ImageMagick caused by TransformHSB was fixed.
- An infinite loop in handling of TIFF images was fixed.
SolutionApply ZYPP patch number 2048.