| Vulnerability Name: | CVE-2005-0397 (CCN-19586) | ||||||||||||||||||||||||
| Assigned: | 2005-02-02 | ||||||||||||||||||||||||
| Published: | 2005-02-02 | ||||||||||||||||||||||||
| Updated: | 2017-10-11 | ||||||||||||||||||||||||
| Summary: | Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications. | ||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||
| References: | Source: CONFIRM Type: Patch http://bugs.gentoo.org/show_bug.cgi?id=83542 Source: MITRE Type: CNA CVE-2005-0397 Source: MITRE Type: CNA CVE-2006-0082 Source: BUGTRAQ Type: UNKNOWN 20050303 [USN-90-1] Imagemagick vulnerability Source: CCN Type: RHSA-2005-070 ImageMagick security update Source: CCN Type: RHSA-2005-320 ImageMagick security update Source: CCN Type: RHSA-2006-0178 ImageMagick security update Source: CCN Type: SA18261 ImageMagick Utilities Image Filename Handling Two Vulnerabilities Source: CCN Type: SA28800 Sun Solaris ImageMagick Multiple Vulnerabilities Source: CCN Type: SECTRACK ID: 1015623 ImageMagick SetImageInfo() Format String Bug May Let Remote Users Execute Arbitrary Code Source: CCN Type: Sun Alert ID: 231321 Security Vulnerabilities in ImageMagick May Lead to Arbitrary Code Execution or Denial of Service (DoS) Source: CCN Type: ASA-2006-048 ImageMagick security update (RHSA-2006-0178) Source: CCN Type: ASA-2008-055 Security Vulnerabilities in ImageMagick May Lead to Arbitrary Code Execution or Denial of Service (DoS) (Sun 231321) Source: DEBIAN Type: Patch, Vendor Advisory DSA-702 Source: DEBIAN Type: DSA-1213 imagemagick -- several vulnerabilities Source: DEBIAN Type: DSA-702 imagemagick -- several vulnerabilities Source: CCN Type: GLSA-200503-11 ImageMagick: Filename handling vulnerability Source: GENTOO Type: Patch GLSA-200503-11 Source: CCN Type: GLSA-200602-06 ImageMagick: Format string vulnerability Source: CCN Type: GLSA-200602-13 GraphicsMagick: Format string vulnerability Source: SUSE Type: Patch, Vendor Advisory SUSE-SA:2005:017 Source: REDHAT Type: UNKNOWN RHSA-2005:070 Source: REDHAT Type: Patch, Vendor Advisory RHSA-2005:320 Source: CCN Type: BID-12717 ImageMagick File Name Handling Remote Format String Vulnerability Source: CCN Type: TLSA-2005-47 Multiple vulnerabilities exist in ImageMagick Source: CCN Type: USN-246-1 imagemagick vulnerabilities Source: CCN Type: USN-90-1 Imagemagick vulnerability Source: XF Type: UNKNOWN imagemagick-filename-format-string(19586) Source: XF Type: UNKNOWN imagemagick-filename-format-string(19586) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10302 Source: SUSE Type: SUSE-SA:2005:017 ImageMagick: remote code execution Source: SUSE Type: SUSE-SR:2006:006 SUSE Security Summary Report | ||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||