FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ImageMagick -- format string vulnerability

Affected packages
ImageMagick < 6.2.0.3
ImageMagick-nox11 < 6.2.0.3

Details

VuXML ID 713c3913-8c2b-11d9-b58c-0001020eed82
Discovery 2005-03-02
Entry 2005-03-03

Tavis Ormandy reports:

magemagick-6.2.0-3 fixes an potential issue handling malformed filenames, the flaw may affect webapps or scripts that use the imagemagick utilities for image processing, or applications linked with libMagick.

This vulnerability could crash ImageMagick or potentially lead to the execution of arbitrary code with the permissions of the user running ImageMagick.

References

CVE Name CVE-2005-0397
URL http://www.ubuntulinux.org/support/documentation/usn/usn-90-1

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.