Bug 192279 - CVE-2006-2440 ImageMagick heap overflow
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: ImageMagick
Version: 5
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: Norm Murray
Whiteboard: public=20060102,source=cve,impact=low...
Keywords: Security
Reported: 2006-05-18 18:51 UTC by Josh Bressers
Modified: 2007-11-30 22:11 UTC
Last Closed: 2006-10-13 11:54:26 UTC


Description Josh Bressers 2006-05-18 18:51:55 UTC
ImageMagick heap overflow

ImageMagick's DisplayImageCommand contains a heap overflow flaw.  It
is possible to pass an unexpanded glob to ImageMagick which will be
expanded by ImageMagick and overflow heap memory.

The patch and more information can be found in the Debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595


This issue also affects FC4
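
The bug class the description points at, as an added example that is not code from this report or from ImageMagick: a per-file heap buffer must be sized from the argument count after in-process glob expansion, not before it. That the overflow arises from pre-expansion sizing is an assumption; `FILES`, `matches`, `build_index` and `shortfall` are hypothetical names, and the directory listing is constructed.

```c
#include <fnmatch.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Constructed directory listing standing in for the filesystem. */
static const char *const FILES[] = { "a.png", "b.png", "c.png", "notes.txt" };
enum { NFILES = sizeof FILES / sizeof FILES[0] };

/* Names one argument expands to; a pattern matching nothing stays literal (1). */
static size_t matches(const char *pat)
{
    size_t m = 0;
    for (size_t f = 0; f < NFILES; f++)
        if (fnmatch(pat, FILES[f], 0) == 0) m++;
    return m ? m : 1;
}

/* Hardened: count AFTER expansion, allocate, fill; index[k] = source argument. */
static size_t *build_index(size_t argc, const char *const *argv, size_t *out_n)
{
    size_t total = 0, k = 0;
    for (size_t i = 0; i < argc; i++) {
        size_t m = matches(argv[i]);
        if (m > SIZE_MAX / sizeof(size_t) - total) return NULL; /* size overflow */
        total += m;
    }
    size_t *index = calloc(total ? total : 1, sizeof *index);
    if (!index) return NULL;
    for (size_t i = 0; i < argc; i++)
        for (size_t m = matches(argv[i]); m > 0; m--) {
            if (k >= total) { free(index); return NULL; } /* never write past end */
            index[k++] = i;
        }
    *out_n = total;
    return index;
}

/* Slots by which a buffer sized from the pre-expansion argc falls short. */
static size_t shortfall(size_t argc, const char *const *argv)
{
    size_t n = 0;
    free(build_index(argc, argv, &n));
    return n > argc ? n - argc : 0;
}

int main(void)
{
    const char *const args[] = { "*.png", "notes.txt" }; /* constructed input */
    printf("argc=2, short by %zu slots\n", shortfall(2, args));
}
```

A quoted glob such as `'*.png'` reaches the program as one argument, so any count taken before expansion understates how many files will be processed.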

Comment 1 Fedora Update System 2006-05-24 23:30:03 UTC
ImageMagick-6.2.5.4-4.2.1.fc5.2 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 2 David Eisenstein 2006-10-13 11:54:26 UTC
This bug also seems to track the fc4 version of ImageMagick.

As noted above, ImageMagick-6.2.5.4-4.2.1.fc5.2 was pushed to updates for fc5.
<http://www.redhat.com/archives/fedora-package-announce/2006-May/msg00125.html>.

Also, ImageMagick-6.2.2.0-3.fc4.2 was pushed to updates for fc4.
<http://www.redhat.com/archives/fedora-package-announce/2006-May/msg00124.html>.

For some reason, when these were pushed (by Matthias Clasen?), this bug was
not closed, even though it appears that the Fedora Updates System posted news
of the fc5 version in comment #1.

Closing, ERRATA.

