CERTA-2004-AVI-295
Vulnerability from certfr_avis

None

Description

ImageMagick est un ensemble d'outils destinés au traitement d'images.

Une vulnérabilité de type débordement de mémoire présente dans la routine de décodage des fichiers BMP compressés au format RLE 8 bits peut être exploitée par une personne mal intentionnée mettant à disposition de l'utilisateur d'ImageMagick une image habilement constituée.

Solution

La version 6.0.6-2 d'ImageMagick corrige cette vulnérabilité.

ImageMagick dont la version est antérieure à la 6.0.6-2.

Impacted products
Vendor Product Description
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eImageMagick dont la version est  ant\u00e9rieure \u00e0 la 6.0.6-2.\u003c/p\u003e",
  "content": "## Description\n\nImageMagick est un ensemble d\u0027outils destin\u00e9s au traitement d\u0027images.\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire pr\u00e9sente dans la\nroutine de d\u00e9codage des fichiers BMP compress\u00e9s au format RLE 8 bits\npeut \u00eatre exploit\u00e9e par une personne mal intentionn\u00e9e mettant \u00e0\ndisposition de l\u0027utilisateur d\u0027ImageMagick une image habilement\nconstitu\u00e9e.\n\n## Solution\n\nLa version 6.0.6-2 d\u0027ImageMagick corrige cette vuln\u00e9rabilit\u00e9.\n",
  "cves": [],
  "initial_release_date": "2004-09-02T00:00:00",
  "last_revision_date": "2004-10-21T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2004:494 du 20 octobre    2004 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2004-494.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2004:480 du 20 octobre    2004 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2004-480.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-547 du 16 septembre 2004 :",
      "url": "http://www.debian.org/security/2004/dsa-547"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SecurityTracker #1011103 du 31 ao\u00fbt    2004 :",
      "url": "http://www.securitytracker.com/alerts/2004/Aug/1011103.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200409-12 du 08 septembre    2004 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-12.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD du 31 ao\u00fbt 2004 :",
      "url": "http://www.vuxml.org/freebsd/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandrake MDKSA-2004:102 du 22    septembre 2004 :",
      "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:102"
    },
    {
      "title": "Site Internet d\u0027ImageMagick :",
      "url": "http://www.imagemagick.org"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun #57648 du 20 septembre 2004 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57648-1"
    },
    {
      "title": "Mise-\u00e0-jour ImageMagick\u003c6.0.6.2 pour NetBSD :",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/vulnerabilities"
    }
  ],
  "reference": "CERTA-2004-AVI-295",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-09-02T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Gentoo.",
      "revision_date": "2004-09-08T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Debian.",
      "revision_date": "2004-09-17T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Sun.",
      "revision_date": "2004-09-22T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Mandrake.",
      "revision_date": "2004-09-23T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin FreeBSD et \u00e0 la mise-\u00e0-jour NetBSD.",
      "revision_date": "2004-09-28T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence aux bulletins de s\u00e9curit\u00e9 de Red Hat.",
      "revision_date": "2004-10-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 dans ImageMagick",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 #1011103 de SecurityTracker",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.