| Revision Date: | 2013-04-29 | Version: | 11 | | Title: | Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. | | Description: | Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. | | Family: | unix | Class: | vulnerability | | Status: | ACCEPTED | Reference(s): | CVE-2006-0082
| | Platform(s): | CentOS Linux 3
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
| Product(s): | | | Definition Synopsis | | OS Section: RHEL3, CentOS3 RHEL3 or CentOS3
The operating system installed on the system is Red Hat Enterprise Linux 3
OR CentOS Linux 3.x
AND Configuration section
ImageMagick-c++-devel is earlier than 0:5.5.6-18
OR ImageMagick is earlier than 0:5.5.6-18
OR ImageMagick-perl is earlier than 0:5.5.6-18
OR ImageMagick-devel is earlier than 0:5.5.6-18
OR ImageMagick-c++ is earlier than 0:5.5.6-18
OR OS Section: RHEL4, CentOS4, Oracle Linux 4
RHEL4, CentOS4 or Oracle Linux 4
The operating system installed on the system is Red Hat Enterprise Linux 4
OR CentOS Linux 4.x
OR Oracle Linux 4.x
AND Configuration section
ImageMagick-c++-devel is earlier than 0:6.0.7.1-14
OR ImageMagick is earlier than 0:6.0.7.1-14
OR ImageMagick-perl is earlier than 0:6.0.7.1-14
OR ImageMagick-devel is earlier than 0:6.0.7.1-14
OR ImageMagick-c++ is earlier than 0:6.0.7.1-14
|
|