ISS X-Force Database: imagemagick-loadtile-code-execution(41194): ImageMagick and GraphicsMagick load

ImageMagick and GraphicsMagick load_tile code execution

imagemagick-loadtile-code-execution (41194)

High Risk

Description:

ImageMagick and GraphicsMagick could allow a remote attacker to execute arbitrary code on the system, caused by an error in the load_tile function in the XCF coder. By persuading a victim to open a specially-crafted .xcf file, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code or cause a denial of service.

Platforms Affected:

Canonical, Ubuntu 6.06 LTS
Canonical, Ubuntu 7.10
GraphicsMagick, GraphicsMagick 1.1.7
ImageMagick, ImageMagick 6.2.8-0
MandrakeSoft, Mandrake Linux 2007.1 X86_64
MandrakeSoft, Mandrake Linux 2007.1
MandrakeSoft, Mandrake Linux 2008.0 X86_64
MandrakeSoft, Mandrake Linux 2008.0
MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
MandrakeSoft, Mandrake Linux Corporate Server 3.0
MandrakeSoft, Mandrake Linux Corporate Server 4.0
MandrakeSoft, Mandrake Linux Corporate Server 4.0 X86_64
RedHat, Enterprise Linux 3 Desktop
RedHat, Enterprise Linux 3 ES
RedHat, Enterprise Linux 3 AS
RedHat, Enterprise Linux 3 WS
RedHat, Enterprise Linux 4 Desktop
RedHat, Enterprise Linux 4 AS
RedHat, Enterprise Linux 4 ES
RedHat, Enterprise Linux 4 WS
RedHat, Enterprise Linux 5
RedHat, Enterprise Linux 5 Client Workstation
RedHat, Enterprise Linux 5 Client

Remedy:

Apply the appropriate update for your system. See References.

Consequences:

Gain Access

References:

Debian Bug report logs - #414370, graphicsmagick: Couple of segfaults in PICT coder at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370.
GraphicsMagick Web site, GraphicsMagick Image Processing System at http://www.graphicsmagick.org/.
ImageMagick Web site, Introduction to ImageMagick at http://www.imagemagick.org/script/index.php.
Red Hat Bugzilla Bug 286411, Out of bound write in ImageMagick's XCF coder at https://bugzilla.redhat.com/show_bug.cgi?id=286411.
ASA-2008-168: ImageMagick security update (RHSA-2008-0145)
BID-28821: ImageMagick Malformed XCF File Heap Overflow Vulnerability
CVE-2008-1096: The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.
MDVSA-2008:099: Updated ImageMagick packages fix vulnerabilities
RHSA-2008-0145: Moderate: ImageMagick security update
SECTRACK ID: 1019880: ImageMagick Heap Overflow in Processing XCF Files Lets Remote Users Execute Arbitrary Code
SUSE-SR:2008:014: [security-announce] SUSE Security Summary Report SUSE-SR:2008:014
USN-681-1: ImageMagick vulnerability

Reported:

Sep 11, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page