CERTA-2005-AVI-122
Vulnerability from certfr_avis - Published: 2005-03-25 - Updated: 2005-04-04
Description
ImageMagick is a set of tools for image processing.
Several vulnerabilities in the processing of images in TIFF format (CAN-2005-0759 and CAN-2005-0760) or SGI format (CAN-2005-0762), and of PSD information (CAN-2005-0761), can be exploited by a malicious person who makes a specially crafted image available to the ImageMagick user.
A format string vulnerability is also present in the handling of image file names (CAN-2005-0397).
Solution
Version 6.2.0-8 fixes these vulnerabilities.
All versions of ImageMagick prior to version 6.2.
Impacted products
| Vendor | Product | Description |
|---|---|---|
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eToutes les versions de ImageMagick ant\u00e9rieures \u00e0 la version 6.2.\u003c/p\u003e",
"content": "## Description\n\nImageMagick est un ensemble d\u0027outils destin\u00e9s au traitement d\u0027images.\n\nPlusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans le traitement des images au\nformat TIFF (CAN-2005-0759 et CAN-2005-0760) ou SGI(CAN-2005-0762) et\ndes informations PSD (CAN-2005-0761) peuvent \u00eatre exploit\u00e9es par une\npersonne mal intentionn\u00e9e en mettant \u00e0 disposition de l\u0027utilisateur\nd\u0027ImageMagick une image habilement constitu\u00e9e.\n\nUne vuln\u00e9rabilit\u00e9 de type cha\u00eene de format est \u00e9galement pr\u00e9sente dans\nla gestion des noms de fichiers image (CAN-2005-0397).\n\n## Solution\n\nLa version 6.2.0-8 corrige ces vuln\u00e9rabilit\u00e9s.\n",
"cves": [],
"initial_release_date": "2005-03-25T00:00:00",
"last_revision_date": "2005-04-04T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2005:320 du 23 mars 2005 :",
"url": "https://rhn.redhat.com/errata/RHSA-2005-320.html"
},
{
"title": "Mise \u00e0 jour de s\u00e9curit\u00e9 pour Fedora Core 2 du 31 mars 2005 :",
"url": "http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandrake MDKSA-2005:065 du 01 avril 2005 :",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:065"
},
{
"title": "Mise \u00e0 jour de s\u00e9curit\u00e9 pour Fedora Core 3 du 31 mars 2005 :",
"url": "http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 FreeBSD pour ImageMagick du 03 mars 2005 :",
"url": "http://www.vuxml.org/freebsd/pkg-ImageMagick.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200503-11 du 06 mars 2005 :",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-11.xml"
},
{
"title": "Site Internet d\u0027ImageMagick :",
"url": "http://www.imagemagick.org"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-702 du 01 avril 2005 :",
"url": "http://www.debian.org/security/2005/dsa-702"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2005:070 du 23 mars 2005 :",
"url": "https://rhn.redhat.com/errata/RHSA-2005-070.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SuSE SuSE-SA:2005:017 du 23 mars 2005 :",
"url": "http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html"
}
],
"reference": "CERTA-2005-AVI-122",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2005-03-25T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences aux mises \u00e0 jour de s\u00e9curit\u00e9 Fedora.",
"revision_date": "2005-03-31T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 de Mandrake et Debian.",
"revision_date": "2005-04-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": null,
"title": "Multiples vuln\u00e9rabilit\u00e9s dans ImageMagick",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE-SA:2005:017",
"url": null
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.