Red Hat Bugzilla – Bug 176925
CVE-2006-0082 ImageMagick format string vulnerability.
Last modified: 2007-11-30 17:07:22 EST
ImageMagick format string vulnerability.
The fix for CVE-2005-0397 is incomplete. As the Debian bug suggests,
by running a command such as:
convert file.jpg file%d%n.jpg
A segfault will result in ImageMagick.
This issue also affects RHEL3
This issue also affects RHEL2.1
The fix in the debian bug is incomplete, the same code is repeated in blob.c
Created attachment 122767 [details]
patch for 6.2.5 (Rawhide)
Created attachment 122771 [details]
patch for 6.0.7 (RHEL 4)
Created attachment 122772 [details]
patch for 5.5.6 (RHEL 3)
Created attachment 122773 [details]
patch for 5.3.8 (RHEL 2.1)
The fixes are contained in
ImageMagick-5.5.6-17 (RHEL 3)
ImageMagick-5.3.8-14 (RHEL 2.1)
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.