CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
93.2%
CentOS Errata and Security Advisory CESA-2010:0653
ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.
An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the ImageMagick routine responsible for creating X11 images. An
attacker could create a specially-crafted image file that, when opened by a
victim, would cause ImageMagick to crash or, potentially, execute arbitrary
code. (CVE-2009-1882)
Users of ImageMagick are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. All running
instances of ImageMagick must be restarted for this update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2010-August/079102.html
https://lists.centos.org/pipermail/centos-announce/2010-August/079103.html
Affected packages:
ImageMagick
ImageMagick-c++
ImageMagick-c+±devel
ImageMagick-devel
ImageMagick-perl
Upstream details at:
https://access.redhat.com/errata/RHSA-2010:0653
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | i386 | imagemagick | < 6.0.7.1-20.el4_8.1 | ImageMagick-6.0.7.1-20.el4_8.1.i386.rpm |
CentOS | 4 | i386 | imagemagick-c++ | < 6.0.7.1-20.el4_8.1 | ImageMagick-c++-6.0.7.1-20.el4_8.1.i386.rpm |
CentOS | 4 | i386 | imagemagick-c++-devel | < 6.0.7.1-20.el4_8.1 | ImageMagick-c++-devel-6.0.7.1-20.el4_8.1.i386.rpm |
CentOS | 4 | i386 | imagemagick-devel | < 6.0.7.1-20.el4_8.1 | ImageMagick-devel-6.0.7.1-20.el4_8.1.i386.rpm |
CentOS | 4 | i386 | imagemagick-perl | < 6.0.7.1-20.el4_8.1 | ImageMagick-perl-6.0.7.1-20.el4_8.1.i386.rpm |
CentOS | 4 | x86_64 | imagemagick | < 6.0.7.1-20.el4_8.1 | ImageMagick-6.0.7.1-20.el4_8.1.x86_64.rpm |
CentOS | 4 | x86_64 | imagemagick-c++ | < 6.0.7.1-20.el4_8.1 | ImageMagick-c++-6.0.7.1-20.el4_8.1.x86_64.rpm |
CentOS | 4 | x86_64 | imagemagick-c++-devel | < 6.0.7.1-20.el4_8.1 | ImageMagick-c++-devel-6.0.7.1-20.el4_8.1.x86_64.rpm |
CentOS | 4 | x86_64 | imagemagick-devel | < 6.0.7.1-20.el4_8.1 | ImageMagick-devel-6.0.7.1-20.el4_8.1.x86_64.rpm |
CentOS | 4 | x86_64 | imagemagick-perl | < 6.0.7.1-20.el4_8.1 | ImageMagick-perl-6.0.7.1-20.el4_8.1.x86_64.rpm |