ImageMagick SetImageInfo() file name format string

imagemagick-filename-format-string (19586). The risk level is classified as High Risk.

Description:

ImageMagick is vulnerable to a format string attack caused by a vulnerability in the handling of file names by the SetImageInfo() function. A remote attacker could exploit this vulnerability to cause a denial of service or execute arbitrary commands on the system by embedding malicious format specifiers in an image file name.
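The C sketch below is an added example, not ImageMagick's code or any vendor's patch. It shows a check an application that passes user-supplied names to an image tool could run first, plus the hardened pattern of treating the name as data under a constant "%s" format. The function names and sample file names are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count printf-style conversion specifications in an untrusted file name.
 * "%%" is a literal percent and is not counted; a trailing lone '%' is
 * counted because printf's behaviour on it is undefined.
 * (Hypothetical helper name, not an ImageMagick API.) */
int count_format_specs(const char *name)
{
    int count = 0;
    for (const char *p = name; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                       /* escaped percent sign */
        count++;
        /* Skip flags, width, precision and length modifiers. */
        while (*p != '\0' && strchr("-+ #'0123456789.*$hlLqjzt", *p) != NULL)
            p++;
        if (*p == '\0')
            break;                          /* specification ran off the end */
    }
    return count;
}

/* Hardened pattern: the name is an argument to a constant "%s" format,
 * never the format itself. Returns 0 on success, -1 on truncation/error. */
int copy_name_as_data(char *dst, size_t dstlen, const char *name)
{
    int n = snprintf(dst, dstlen, "%s", name);
    return (n >= 0 && (size_t)n < dstlen) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample names, not taken from any advisory. */
    const char *samples[] = { "photo.png", "100%%.png", "frame%d.png",
                              "a%08x%n.jpg", "trailing%" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (copy_name_as_data(buf, sizeof buf, samples[i]) != 0)
            continue;
        printf("%-14s specs=%d\n", buf, count_format_specs(samples[i]));
    }
    return 0;
}
```

A non-zero count is a reason to reject or rename an upload before it reaches an unpatched tool; the upgrades listed under Remedy remain the actual fix.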


Consequences:

Gain Access

Remedy:

For Ubuntu Linux:
Refer to USN-90-1 and USN-246-1 for patch, upgrade, or suggested workaround information. See References.

For SUSE Linux:
Upgrade to the latest imagemagick, as listed below. Refer to SUSE Security Announcement SUSE-SA:2005:017 for more information. See References.

x86:
SUSE Linux 9.2: 6.0.7-4.6 or later
SUSE Linux 9.1: 5.5.7-225.15 or later
SUSE Linux 9.0: 5.5.7-233 or later
SUSE Linux 8.2: 5.5.4-125 or later

x86-64 Platform:
SUSE Linux 9.2: 6.0.7-4.6 or later
SUSE Linux 9.1: 5.5.7-225.15 or later
SUSE Linux 9.0: 5.5.7-233 or later

For Debian GNU/Linux:
Refer to DSA-1213-1 for patch, upgrade, or suggested workaround information. See References.

For Debian GNU/Linux:
Refer to DSA-702-1 for patch, upgrade, or suggested workaround information. See References.

For Red Hat Linux:
Refer to RHSA-2005:320-10 and RHSA-2006:0178-4 for patch, upgrade, or suggested workaround information. See References.

For Red Hat Linux (ImageMagick):
Refer to RHSA-2005:070-16 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2006-02-13, GLSA 2006-02-06, or GLSA 2005-03-11 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

  • Sun Alert ID: 231321: Security Vulnerabilities in ImageMagick May Lead to Arbitrary Code Execution or Denial of Service (DoS).
  • ASA-2006-048: ImageMagick security update (RHSA-2006-0178)
  • ASA-2008-055: Security Vulnerabilities in ImageMagick May Lead to Arbitrary Code Execution or Denial of Service (DoS) (Sun 231321)
  • BID-12717: ImageMagick File Name Handling Remote Format String Vulnerability
  • CVE-2005-0397: Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.
  • CVE-2006-0082: Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.
  • DSA-1213: imagemagick -- several vulnerabilities
  • DSA-702: imagemagick -- several vulnerabilities
  • GLSA-200503-11: ImageMagick: Filename handling vulnerability
  • GLSA-200602-06: ImageMagick: Format string vulnerability
  • GLSA-200602-13: GraphicsMagick: Format string vulnerability
  • MDKSA-2005:065: Updated ImageMagick packages fix multiple vulnerabilities
  • MDKSA-2006:024: Updated ImageMagick packages fix vulnerabilities
  • RHSA-2005-070: ImageMagick security update
  • RHSA-2005-320: ImageMagick security update
  • RHSA-2006-0178: ImageMagick security update
  • SA18261: ImageMagick Utilities Image Filename Handling Two Vulnerabilities
  • SA28800: Sun Solaris ImageMagick Multiple Vulnerabilities
  • SECTRACK ID: 1015623: ImageMagick SetImageInfo() Format String Bug May Let Remote Users Execute Arbitrary Code
  • SUSE-SA:2005:017: ImageMagick: remote code execution
  • SUSE-SR:2006:006: SUSE Security Summary Report

Platforms Affected:

  • Canonical Ubuntu 4.10
  • Canonical Ubuntu 5.04
  • Canonical Ubuntu 5.10
  • Debian Debian Linux 3.0
  • Debian Debian Linux 3.1
  • Gentoo Linux
  • ImageMagick ImageMagick prior to 5:6.0.2.5-1
  • MandrakeSoft Mandrake Linux 10.0 AMD64
  • MandrakeSoft Mandrake Linux 10.0
  • MandrakeSoft Mandrake Linux 10.1
  • MandrakeSoft Mandrake Linux 10.1 X86_64
  • MandrakeSoft Mandrake Linux 2006
  • MandrakeSoft Mandrake Linux 2006 X86_64
  • MandrakeSoft Mandrake Linux Corporate Server 2.1 X86_64
  • MandrakeSoft Mandrake Linux Corporate Server 2.1
  • MandrakeSoft Mandrake Linux Corporate Server 3.0 X86_64
  • MandrakeSoft Mandrake Linux Corporate Server 3.0
  • Novell Linux Desktop 9
  • RedHat Enterprise Linux 2.1 AS
  • RedHat Enterprise Linux 2.1 WS
  • RedHat Enterprise Linux 2.1 ES
  • RedHat Enterprise Linux 3 AS
  • RedHat Enterprise Linux 3 ES
  • RedHat Enterprise Linux 3 Desktop
  • RedHat Enterprise Linux 3 WS
  • RedHat Enterprise Linux 4 Desktop
  • RedHat Enterprise Linux 4 WS
  • RedHat Enterprise Linux 4 ES
  • RedHat Enterprise Linux 4 AS
  • RedHat Linux Advanced Workstation 2.1 Itanium
  • Sun Solaris 10 x86
  • Sun Solaris 10 SPARC
  • Sun Solaris 9 x86
  • Sun Solaris 9 SPARC
  • SuSE Linux Enterprise Server 8
  • SUSE SuSE Linux 8.2
  • SUSE SuSE Linux 9.0
  • SUSE SuSE Linux 9.1
  • SUSE SuSE Linux 9.2
  • SuSE SuSE Linux Desktop 1.0
  • SuSE SuSE SLES 9
  • Turbolinux Turbolinux 10 Desktop
  • Turbolinux Turbolinux 10 F...
  • Turbolinux Turbolinux 10 Server
  • Turbolinux Turbolinux 7 Server
  • Turbolinux Turbolinux 7 Workstation
  • Turbolinux Turbolinux 8 Server
  • Turbolinux Turbolinux 8 Workstation
  • Turbolinux Turbolinux Home

Reported:

Mar 03, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com
