CERTA-2004-AVI-295

Vulnerability from certfr_avis - Published: 2004-09-02 - Updated: 2004-10-21

None

Description

ImageMagick est un ensemble d'outils destinés au traitement d'images.

Une vulnérabilité de type débordement de mémoire présente dans la routine de décodage des fichiers BMP compressés au format RLE 8 bits peut être exploitée par une personne mal intentionnée mettant à disposition de l'utilisateur d'ImageMagick une image habilement constituée.

Solution

La version 6.0.6-2 d'ImageMagick corrige cette vulnérabilité.

ImageMagick dont la version est antérieure à la 6.0.6-2.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eImageMagick dont la version est  ant\u00e9rieure \u00e0 la 6.0.6-2.\u003c/p\u003e",
  "content": "## Description\n\nImageMagick est un ensemble d\u0027outils destin\u00e9s au traitement d\u0027images.\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire pr\u00e9sente dans la\nroutine de d\u00e9codage des fichiers BMP compress\u00e9s au format RLE 8 bits\npeut \u00eatre exploit\u00e9e par une personne mal intentionn\u00e9e mettant \u00e0\ndisposition de l\u0027utilisateur d\u0027ImageMagick une image habilement\nconstitu\u00e9e.\n\n## Solution\n\nLa version 6.0.6-2 d\u0027ImageMagick corrige cette vuln\u00e9rabilit\u00e9.\n",
  "cves": [],
  "initial_release_date": "2004-09-02T00:00:00",
  "last_revision_date": "2004-10-21T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2004:494 du 20 octobre    2004 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2004-494.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2004:480 du 20 octobre    2004 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2004-480.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-547 du 16 septembre 2004 :",
      "url": "http://www.debian.org/security/2004/dsa-547"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SecurityTracker #1011103 du 31 ao\u00fbt    2004 :",
      "url": "http://www.securitytracker.com/alerts/2004/Aug/1011103.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200409-12 du 08 septembre    2004 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-12.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD du 31 ao\u00fbt 2004 :",
      "url": "http://www.vuxml.org/freebsd/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandrake MDKSA-2004:102 du 22    septembre 2004 :",
      "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:102"
    },
    {
      "title": "Site Internet d\u0027ImageMagick :",
      "url": "http://www.imagemagick.org"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun #57648 du 20 septembre 2004 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57648-1"
    },
    {
      "title": "Mise-\u00e0-jour ImageMagick\u003c6.0.6.2 pour NetBSD :",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/vulnerabilities"
    }
  ],
  "reference": "CERTA-2004-AVI-295",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-09-02T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Gentoo.",
      "revision_date": "2004-09-08T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Debian.",
      "revision_date": "2004-09-17T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Sun.",
      "revision_date": "2004-09-22T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Mandrake.",
      "revision_date": "2004-09-23T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin FreeBSD et \u00e0 la mise-\u00e0-jour NetBSD.",
      "revision_date": "2004-09-28T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence aux bulletins de s\u00e9curit\u00e9 de Red Hat.",
      "revision_date": "2004-10-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 dans ImageMagick",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 #1011103 de SecurityTracker",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.