Bug 176925 - CVE-2006-0082 ImageMagick format string vulnerability.
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: ImageMagick
Version: 4.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Matthias Clasen
QA Contact: Mike McLean
Whiteboard: reported=20060104,public=20060104,sou...
Keywords: Security
Depends On:
Reported: 2006-01-04 14:14 UTC by Josh Bressers
Modified: 2007-11-30 22:07 UTC

Clone Of:
Last Closed: 2006-02-14 16:08:09 UTC

Attachments
patch for 6.2.5 (Rawhide) (1.52 KB, patch)
2006-01-04 17:05 UTC, Matthias Clasen
patch for 6.0.7 (RHEL 4) (846 bytes, patch)
2006-01-04 18:52 UTC, Matthias Clasen
patch for 5.5.6 (RHEL 3) (802 bytes, patch)
2006-01-04 18:54 UTC, Matthias Clasen
patch for 5.3.8 (RHEL 2.1) (800 bytes, patch)
2006-01-04 18:55 UTC, Matthias Clasen

External Trackers
Tracker: Red Hat Product Errata
ID: RHSA-2006:0178
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: ImageMagick security update
Last Updated: 2006-02-14 05:00:00 UTC

Description Josh Bressers 2006-01-04 14:14:11 UTC
ImageMagick format string vulnerability.

The fix for CVE-2005-0397 is incomplete.  As the Debian bug suggests,
by running a command such as:

convert file.jpg file%d%n.jpg

A segfault will result in ImageMagick.


This issue also affects RHEL3
This issue also affects RHEL2.1
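
The crash reported above comes from a user-supplied output filename being used as a printf-style format string. The following is an added example, not ImageMagick's code and not one of the attached patches, showing one way to validate such a template before expanding it; the function names and the rule (at most one `%d` with an optional width of up to three digits, plus `%%`) are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Returns 0 or 1 (the number of %d scene conversions) when tmpl is safe to
   pass to snprintf with one int argument, or -1 if it holds anything else. */
int count_scene_conversions(const char *tmpl)
{
    int conversions = 0;
    for (const char *p = tmpl; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')             /* "%%" is a literal percent sign */
            continue;
        int digits = 0;            /* optional zero flag and width, e.g. %03d */
        while (isdigit((unsigned char)*p) && digits < 3) {
            p++;
            digits++;
        }
        if (*p != 'd')             /* rejects %n, %s, %*d, %ld, a trailing '%' */
            return -1;
        if (++conversions > 1)     /* only one int argument is supplied */
            return -1;
    }
    return conversions;
}

/* Expands tmpl into out. A template that fails the check is copied verbatim,
   so it is never interpreted as a format string. Returns 1 if expanded. */
int format_scene_filename(char *out, size_t outlen, const char *tmpl, int scene)
{
    if (count_scene_conversions(tmpl) < 0) {
        snprintf(out, outlen, "%s", tmpl);
        return 0;
    }
    snprintf(out, outlen, tmpl, scene);
    return 1;
}

int main(void)
{
    /* Constructed sample names; the second is the one from the report. */
    const char *names[] = { "file%03d.jpg", "file%d%n.jpg", "100%%_%d.jpg" };
    char out[64];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%s -> [%d] %s\n", names[i],
               format_scene_filename(out, sizeof out, names[i], 7), out);
    return 0;
}
```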

Comment 1 Matthias Clasen 2006-01-04 17:04:07 UTC
The fix in the Debian bug is incomplete; the same code is repeated in blob.c.

Comment 2 Matthias Clasen 2006-01-04 17:05:34 UTC
Created attachment 122767
patch for 6.2.5 (Rawhide)

Comment 3 Matthias Clasen 2006-01-04 18:52:42 UTC
Created attachment 122771
patch for 6.0.7 (RHEL 4)

Comment 4 Matthias Clasen 2006-01-04 18:54:29 UTC
Created attachment 122772
patch for 5.5.6 (RHEL 3)

Comment 5 Matthias Clasen 2006-01-04 18:55:30 UTC
Created attachment 122773
patch for 5.3.8 (RHEL 2.1)

Comment 6 Matthias Clasen 2006-01-06 18:51:01 UTC
The fixes are contained in 
ImageMagick- (RHEL4)
ImageMagick-5.5.6-17 (RHEL 3)
ImageMagick-5.3.8-14 (RHEL 2.1)

Comment 9 Red Hat Bugzilla 2006-02-14 16:08:09 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

