ImageMagick Security Update
FTP access is not available through a web browser.
Document number: 1208408944
Updated: 2008.04.17
Details
CVE-2006-2440:
Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2
might allow attackers to execute arbitrary code via an image index array
that triggers the overflow during filename glob expansion by the
ExpandFilenames function.
CVE-2006-5456:
Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick
6.0.7 allow user-assisted attackers to cause a denial of service and possibly
execute arbitrary code via (1) a DCM image that is not properly handled by
the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not
properly handled by the ReadPALMImage function in coders/palm.c.
CVE-2006-5868:
Multiple buffer overflows in ImageMagick 6.0 before 6.0.6.2, and 6.2 before
6.2.4.5, have unknown impact and user-assisted attack vectors via a crafted
SGI image.
CVE-2007-1797:
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote
attackers to execute arbitrary code via (1) a crafted DCM image, which
results in a heap-based overflow in the ReadDCMImage function, or (2)
the (a) colors or (b) comments field in a crafted XWD image, which
results in a heap-based overflow in the ReadXWDImage function, different
issues than CVE-2007-1667.
CVE-2007-4985:
ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a
denial of service via a crafted image file that triggers (1) an infinite
loop in the ReadDCMImage function, related to ReadBlobByte function calls;
or (2) an infinite loop in the ReadXCFImage function, related to
ReadBlobMSBLong function calls.
CVE-2007-4986:
Multiple integer overflows in ImageMagick before 6.3.5-9 allow
context-dependent attackers to execute arbitrary code via a crafted (1)
.dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers
a heap-based buffer overflow.
CVE-2007-4988:
Sign extension error in the ReadDIBImage function in ImageMagick before
6.3.5-9 allows context-dependent attackers to execute arbitrary code via
a crafted width value in an image file, which triggers an integer overflow
and a heap-based buffer overflow.
CVE-2008-1096:
The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick
6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap
write, possibly related to the ScaleCharToQuantum function.
CVE-2008-1097:
Heap-based buffer overflow in the ReadPCXImage function in the PCX coder
in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick
(aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of
service (crash) or possibly execute arbitrary code via a crafted .pcx file
that triggers incorrect memory allocation for the scanline array, leading
to memory corruption.
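
Several entries above (CVE-2007-4986, CVE-2007-4988, CVE-2008-1097) share one pattern: a size computed from header fields wraps, so the buffer is smaller than the data later written into it. The sketch below is an added example, not ImageMagick or GraphicsMagick code; the function names, the signed 32-bit width/height fields and the byte limit are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Unchecked pattern: 32-bit arithmetic on an attacker-controlled width.
 * The product wraps modulo 2^32, so a huge width yields a tiny row size. */
uint32_t row_bytes_unchecked(int32_t width, uint16_t bpp)
{
    return ((uint32_t) width * (uint32_t) bpp + 7u) / 8u;
}

/* Checked pattern: reject negative or zero fields first, widen to 64 bits
 * before multiplying, and enforce a caller-supplied allocation limit.
 * Returns 0 and stores the total byte count in *out, or -1 to reject. */
int image_bytes_checked(int32_t width, int32_t height, uint16_t bpp,
                        size_t limit, size_t *out)
{
    if (width <= 0 || height <= 0 || bpp == 0 || bpp > 64)
        return -1;
    /* width < 2^31 and bpp <= 64, so this product is < 2^37: no wrap. */
    uint64_t row = ((uint64_t) width * bpp + 7u) / 8u;
    /* Division form of "row * height <= limit" avoids a second overflow. */
    if (row > (uint64_t) limit / (uint64_t) height)
        return -1;
    *out = (size_t) (row * (uint64_t) height);
    return 0;
}

int main(void)
{
    size_t n = 0, limit = (size_t) 1 << 28;   /* constructed 256 MiB policy cap */
    int32_t w = 0x10000001;                   /* constructed header value */

    printf("unchecked row bytes for width %ld: %lu\n",
           (long) w, (unsigned long) row_bytes_unchecked(w, 32));
    printf("checked, same header: %d\n",
           image_bytes_checked(w, 1, 32, limit, &n));
    printf("checked, negative width: %d\n",
           image_bytes_checked(-1, 480, 24, limit, &n));
    if (image_bytes_checked(640, 480, 24, limit, &n) == 0)
        printf("checked, 640x480x24: %lu bytes\n", (unsigned long) n);
    return 0;
}
```

A decoder that still has to process untrusted files on an unpatched host should apply the same kind of limit before any coder-specific parsing runs.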
Autoupdates support: Packages System
pkgadd -F ImageMagick*
Update packages
RPMS :
. ImageMagick-5.5.6-28.i686.rpm
. ImageMagick-devel-5.5.6-28.i686.rpm
SRPMS :
. ImageMagick-5.5.6-28.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1097