Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2010:0652
HistoryAug 25, 2010 - 5:23 p.m.

ImageMagick security update

2010-08-2517:23:04
CentOS Project
lists.centos.org
53

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.055

Percentile

93.2%

JSON

CentOS Errata and Security Advisory CESA-2010:0652

ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the ImageMagick routine responsible for creating X11 images. An
attacker could create a specially-crafted image file that, when opened by a
victim, would cause ImageMagick to crash or, potentially, execute arbitrary
code. (CVE-2009-1882)

This update also fixes the following bug:

  • previously, portions of certain RGB images on the right side were not
    rendered and left black when converting or displaying them. With this
    update, RGB images display correctly. (BZ#625058)

Users of ImageMagick are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of ImageMagick must be restarted for this update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2010-August/079104.html
https://lists.centos.org/pipermail/centos-announce/2010-August/079105.html

Affected packages:
ImageMagick
ImageMagick-c++
ImageMagick-c+±devel
ImageMagick-devel
ImageMagick-perl

Upstream details at:
https://access.redhat.com/errata/RHSA-2010:0652

OSVersionArchitecturePackageVersionFilename
CentOS5i386imagemagick< 6.2.8.0-4.el5_5.2ImageMagick-6.2.8.0-4.el5_5.2.i386.rpm
CentOS5i386imagemagick-c++< 6.2.8.0-4.el5_5.2ImageMagick-c++-6.2.8.0-4.el5_5.2.i386.rpm
CentOS5i386imagemagick-c++-devel< 6.2.8.0-4.el5_5.2ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.i386.rpm
CentOS5i386imagemagick-devel< 6.2.8.0-4.el5_5.2ImageMagick-devel-6.2.8.0-4.el5_5.2.i386.rpm
CentOS5i386imagemagick-perl< 6.2.8.0-4.el5_5.2ImageMagick-perl-6.2.8.0-4.el5_5.2.i386.rpm
CentOS5i386imagemagick< 6.2.8.0-4.el5_5.2ImageMagick-6.2.8.0-4.el5_5.2.i386.rpm
CentOS5x86_64imagemagick< 6.2.8.0-4.el5_5.2ImageMagick-6.2.8.0-4.el5_5.2.x86_64.rpm
CentOS5i386imagemagick-c++< 6.2.8.0-4.el5_5.2ImageMagick-c++-6.2.8.0-4.el5_5.2.i386.rpm
CentOS5x86_64imagemagick-c++< 6.2.8.0-4.el5_5.2ImageMagick-c++-6.2.8.0-4.el5_5.2.x86_64.rpm
CentOS5i386imagemagick-c++-devel< 6.2.8.0-4.el5_5.2ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.i386.rpm
Rows per page:
1-10 of 141

Related

nessus 27
openvas 36
fedora 3
oraclelinux 3
gentoo 2
securityvulns 2
redhat 2
nvd 1
cve 1
debiancve 1
ubuntucve 1
prion 1
ubuntu 1
centos 1
cvelist 1
veracode 1
debian 2
osv 2
nessus
nessus
CentOS 4 : ImageMagick (CESA-2010:0653)
2010-08-26 00:00:00
ImageMagick < 6.5.2-9 magick/xwindow.c XMakeImage() Function TIFF File Handling Overflow
2009-05-29 00:00:00
Fedora 12 : GraphicsMagick-1.3.7-4.fc12 (2010-0036)
2010-07-01 00:00:00
openvas
openvas
CentOS Update for ImageMagick CESA-2010:0653 centos4 i386
2010-08-30 00:00:00
Mandrake Security Advisory MDVSA-2009:261 (graphicsmagick)
2009-10-13 00:00:00
SLES11: Security update for ImageMagick
2009-10-11 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: GraphicsMagick-1.3.7-4.fc12
2010-01-12 20:38:34
[SECURITY] Fedora 11 Update: ImageMagick-6.5.1.2-2.fc11
2010-01-07 21:51:05
[SECURITY] Fedora 11 Update: GraphicsMagick-1.3.7-4.fc11
2010-01-12 20:48:55
oraclelinux
oraclelinux
ImageMagick security and bug fix update
2010-08-25 00:00:00
ImageMagick security update
2010-08-25 00:00:00
ImageMagick security and bug fix update
2012-03-01 00:00:00
gentoo
gentoo
ImageMagick: User-assisted execution of arbitrary code
2010-06-01 00:00:00
GraphicsMagick: Multiple vulnerabilities
2013-11-19 00:00:00
securityvulns
securityvulns
ImageMagick integer overflow
2009-06-09 00:00:00
[USN-784-1] ImageMagick vulnerability
2009-06-09 00:00:00
redhat
redhat
(RHSA-2010:0652) Moderate: ImageMagick security and bug fix update
2010-08-25 00:00:00
(RHSA-2010:0653) Moderate: ImageMagick security update
2010-08-25 00:00:00
nvd
nvd
CVE-2009-1882
2009-06-02 15:30:00
cve
cve
CVE-2009-1882
2009-06-02 15:30:00
debiancve
debiancve
CVE-2009-1882
2009-06-02 15:30:00
ubuntucve
ubuntucve
CVE-2009-1882
2009-06-02 00:00:00
prion
prion
Integer overflow
2009-06-02 15:30:00
ubuntu
ubuntu
ImageMagick vulnerability
2009-06-08 00:00:00
centos
centos
ImageMagick security update
2010-08-25 17:20:42
cvelist
cvelist
CVE-2009-1882
2009-06-02 15:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:47:34
debian
debian
[SECURITY] [DSA 1858-1] New imagemagick packages fix several vulnerabilities
2009-08-10 17:05:37
[SECURITY] [DSA 1903-1] New graphicsmagick packages fix several vulnerabilities
2009-10-07 19:08:51
osv
osv
imagemagick - several vulnerabilities
2009-08-10 00:00:00
graphicsmagick - several
2009-10-07 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.055

Percentile

93.2%

JSON
Related for CESA-2010:0652
nessus27openvas36fedora3oraclelinux3gentoo2securityvulns2redhat2nvd1cve1debiancve1ubuntucve1prion1ubuntu1centos1cvelist1veracode1debian2osv2