ImageMagick < 6.5.2-9 magick/xwindow.c XMakeImage() Function TIFF File Handling Overflow
High Nessus Plugin ID 38951
Synopsis
The remote Windows host contains an application that is affected by an integer overflow vulnerability.

Description
The remote Windows host is running a version of ImageMagick earlier than 6.5.2-9. Such versions reportedly fail to properly handle malformed 'TIFF' files in the 'XMakeImage()' function. If an attacker can trick a user on the remote host into opening a specially crafted file using the affected application, he can leverage this flaw to execute arbitrary code on the remote host subject to the user's privileges.

Solution
Upgrade to ImageMagick version 6.5.2-9 or later.
Note that you may need to manually uninstall the vulnerable version from the system.
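
The version condition above can be checked on a host with a numeric comparison. The following is an added example, not the Nessus plugin's own logic. It assumes the input is the "Version: ImageMagick x.y.z-p ..." banner line printed by `identify -version`; the function names and sample banners are constructed for illustration.

```python
import re

# First fixed release named in the advisory: 6.5.2-9
FIXED = (6, 5, 2, 9)

# Assumed input: the banner line "Version: ImageMagick 6.5.2-9 ..."
_BANNER = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_version(banner):
    """Return (major, minor, micro, patch) from a banner line, or None."""
    m = _BANNER.search(banner)
    if not m:
        return None
    # Assumption: a banner with no "-patch" suffix is treated as patch 0.
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_affected(banner):
    """True if older than 6.5.2-9, False if not, None if unparseable."""
    version = parse_version(banner)
    if version is None:
        return None
    # Tuple comparison is numeric per field, so 6.5.2-10 sorts after
    # 6.5.2-9; a plain string comparison would order them the other way.
    return version < FIXED


# Constructed sample banners (not captured from a real host).
SAMPLES = [
    "Version: ImageMagick 6.5.2-8 2009-05-20 Q16",
    "Version: ImageMagick 6.5.2-9 2009-05-26 Q16",
    "Version: ImageMagick 6.5.2-10 2009-06-01 Q16",
    "Version: ImageMagick 6.4.9-10 2009-03-01 Q8",
    "no ImageMagick banner here",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{is_affected(line)!s:5}  {line}")
```

A `None` result means the banner could not be parsed and the installation should be inspected by hand. Because the advisory notes the old version may need manual removal, run the check against every installed copy, not only the one first on the PATH.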