Red Hat Bugzilla – Bug 192279
CVE-2006-2440 ImageMagick heap overflow
Last modified: 2007-11-30 17:11:33 EST
ImageMagick heap overflow
ImageMagick's DisplayImageCommand contains a heap overflow flaw. It
is possible to pass an unexpanded glob to ImageMagick which will be
expanded by ImageMagick and overflow heap memory.
The patch and more information can be found in the Debian bug:
This issue also affects FC4
ImageMagick-126.96.36.199-4.2.1.fc5.2 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
This bug also seems to track the fc4 version of ImageMagick.
As noted above, ImageMagick-188.8.131.52-4.2.1.fc5.2 was pushed to updates for fc5.
Also, ImageMagick-184.108.40.206-3.fc4.2 was pushed to updates for fc4.
For some reason, when these were pushed (by Matthias Clasen?), this bug was
not closed, even though it appears that the Fedora Updates System posted news
of the fc5 version in comment #1.