ImageMagick format string vulnerability.

The fix for CVE-2005-0397 is incomplete. As the Debian bug suggests, by running a command such as:

    convert file.jpg file%d%n.jpg

A segfault will result in ImageMagick.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876

This issue also affects RHEL3
This issue also affects RHEL2.1
The fix in the Debian bug is incomplete; the same code is repeated in blob.c.
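As an added illustration (not ImageMagick's code and not the patch attached to this bug), one defensive way to expand a scene-numbered output name such as `file%d.jpg` is to parse the template by hand and never hand the user-supplied string to a printf-style function as the format. The function name `expand_scene_filename` and the restriction to `%d` with a width of at most two digits are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: expand a name such as "file%03d.jpg" without passing
 * the user-supplied string to printf as the format. Accepted: literal text,
 * "%%" and %d (optional 0 flag, width up to two digits); %n, %s etc. are
 * rejected. Returns 0 on success, -1 on a rejected directive or truncation. */
int expand_scene_filename(char *out, size_t outlen, const char *tmpl, int scene)
{
    size_t used = 0;
    if (outlen == 0)
        return -1;
    while (*tmpl != '\0') {
        if (*tmpl == '%' && tmpl[1] != '%') {
            int zero = 0, width = 0, digits = 0;
            tmpl++;                                   /* skip '%' */
            if (*tmpl == '0') { zero = 1; tmpl++; }
            while (isdigit((unsigned char)*tmpl)) {
                if (++digits > 2)
                    return -1;
                width = width * 10 + (*tmpl++ - '0');
            }
            if (*tmpl++ != 'd')
                return -1;                            /* %n, %s, %p, lone % */
            /* The format is a literal chosen here, never the caller's text. */
            int w = snprintf(out + used, outlen - used,
                             zero ? "%0*d" : "%*d", width, scene);
            if (w < 0 || (size_t)w >= outlen - used)
                return -1;
            used += (size_t)w;
            continue;
        }
        if (*tmpl == '%')
            tmpl++;                                   /* "%%" -> one '%' */
        if (used + 1 >= outlen)
            return -1;
        out[used++] = *tmpl++;
    }
    out[used] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];
    printf("%d\n", expand_scene_filename(buf, sizeof buf, "file%d%n.jpg", 7));
    return 0;
}
```

With the output name from the report the helper returns -1 instead of formatting anything.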
Created attachment 122767: patch for 6.2.5 (Rawhide)
Created attachment 122771: patch for 6.0.7 (RHEL 4)
Created attachment 122772: patch for 5.5.6 (RHEL 3)
Created attachment 122773: patch for 5.3.8 (RHEL 2.1)
The fixes are contained in:
ImageMagick-6.0.7.1-14 (RHEL4)
ImageMagick-5.5.6-17 (RHEL 3)
ImageMagick-5.3.8-14 (RHEL 2.1)
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0178.html