Oval Definition:oval:com.redhat.rhsa:def:20040636
Revision Date:2004-12-08Version:502
Title:RHSA-2004:636: ImageMagick security update (Important)
Description:ImageMagick(TM) is an image display and manipulation tool for the X Window System.

A buffer overflow flaw was discovered in the ImageMagick image handler. An attacker could create a carefully crafted image file with an improper EXIF information in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0981 to this issue.

David Eisenstein has reported that our previous fix for CAN-2004-0827, a heap overflow flaw, was incomplete. An attacker could create a carefully crafted BMP file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0827 to this issue.

Users of ImageMagick should upgrade to these updated packages, which contain a backported patch, and is not vulnerable to this issue.
Family:unixClass:patch
Status:Reference(s):CVE-2004-0827
CVE-2004-0981
RHSA-2004:636-01
Platform(s):Red Hat Enterprise Linux 3
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux 3 is installed
  • AND Package Information
  • ImageMagick-c++-devel is earlier than 0:5.5.6-7
  • AND ImageMagick-c++-devel is signed with Red Hat master key
  • OR
  • ImageMagick-devel is earlier than 0:5.5.6-7
  • AND ImageMagick-devel is signed with Red Hat master key
  • OR
  • ImageMagick-perl is earlier than 0:5.5.6-7
  • AND ImageMagick-perl is signed with Red Hat master key
  • OR
  • ImageMagick is earlier than 0:5.5.6-7
  • AND ImageMagick is signed with Red Hat master key
  • OR
  • ImageMagick-c++ is earlier than 0:5.5.6-7
  • AND ImageMagick-c++ is signed with Red Hat master key
  • BACK