GLSA-201006-03 : ImageMagick: User-assisted execution of arbitrary code
High Nessus Plugin ID 46770
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201006-03 (ImageMagick: User-assisted execution of arbitrary code)
Tielei Wang has discovered that the XMakeImage() function in magick/xwindow.c is prone to an integer overflow, possibly leading to a buffer overflow.
A remote attacker could entice a user to open a specially crafted image, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.
There is no known workaround at this time.
Solution
All ImageMagick users should upgrade to an unaffected version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-gfx/imagemagick-188.8.131.52'
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since June 4, 2009. It is likely that your system is already no longer affected by this issue.