From a24567fbc43f221b14e805f9bc0b7c6d16911c46 Mon Sep 17 00:00:00 2001 From: Alex Legler Date: Sun, 8 Mar 2015 22:02:38 +0100 Subject: Import existing advisories --- glsa-200710-27.xml | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 glsa-200710-27.xml (limited to 'glsa-200710-27.xml') diff --git a/glsa-200710-27.xml b/glsa-200710-27.xml new file mode 100644 index 00000000..00198b2d --- /dev/null +++ b/glsa-200710-27.xml @@ -0,0 +1,74 @@ + + + + + + + ImageMagick: Multiple vulnerabilities + + Multiple vulnerabilities have been discovered in ImageMagick, possibly + resulting in arbitrary code execution or a Denial of Service. + + imagemagick + October 24, 2007 + October 24, 2007: 01 + 186030 + remote + + + 6.3.5.10 + 6.3.5.10 + + + +

+ ImageMagick is a collection of tools and libraries for manipulating + various image formats. +

+ + +

+ regenrecht reported multiple infinite loops in functions ReadDCMImage() + and ReadXCFImage() (CVE-2007-4985), multiple integer overflows when + handling certain types of images (CVE-2007-4986, CVE-2007-4988), and an + off-by-one error in the ReadBlobString() function (CVE-2007-4987). +

+ + +

+ A remote attacker could entice a user to open a specially crafted + image, possibly resulting in the remote execution of arbitrary code + with the privileges of the user running the application, or an + excessive CPU consumption. Note that applications relying on + ImageMagick to process images can also trigger the vulnerability. +

+ + +

+ There is no known workaround at this time. +

+ + +

+ All ImageMagick users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.3.5.10" + + + CVE-2007-4985 + CVE-2007-4986 + CVE-2007-4987 + CVE-2007-4988 + + + rbu + + + p-y + + + keytoaster + + -- cgit v1.2.3-65-gdbad