Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2010:0653
HistoryAug 25, 2010 - 5:20 p.m.

ImageMagick security update

2010-08-2517:20:42
CentOS Project
lists.centos.org
47

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.055

Percentile

93.2%

JSON

CentOS Errata and Security Advisory CESA-2010:0653

ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the ImageMagick routine responsible for creating X11 images. An
attacker could create a specially-crafted image file that, when opened by a
victim, would cause ImageMagick to crash or, potentially, execute arbitrary
code. (CVE-2009-1882)

Users of ImageMagick are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. All running
instances of ImageMagick must be restarted for this update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2010-August/079102.html
https://lists.centos.org/pipermail/centos-announce/2010-August/079103.html

Affected packages:
ImageMagick
ImageMagick-c++
ImageMagick-c+±devel
ImageMagick-devel
ImageMagick-perl

Upstream details at:
https://access.redhat.com/errata/RHSA-2010:0653

OSVersionArchitecturePackageVersionFilename
CentOS4i386imagemagick< 6.0.7.1-20.el4_8.1ImageMagick-6.0.7.1-20.el4_8.1.i386.rpm
CentOS4i386imagemagick-c++< 6.0.7.1-20.el4_8.1ImageMagick-c++-6.0.7.1-20.el4_8.1.i386.rpm
CentOS4i386imagemagick-c++-devel< 6.0.7.1-20.el4_8.1ImageMagick-c++-devel-6.0.7.1-20.el4_8.1.i386.rpm
CentOS4i386imagemagick-devel< 6.0.7.1-20.el4_8.1ImageMagick-devel-6.0.7.1-20.el4_8.1.i386.rpm
CentOS4i386imagemagick-perl< 6.0.7.1-20.el4_8.1ImageMagick-perl-6.0.7.1-20.el4_8.1.i386.rpm
CentOS4x86_64imagemagick< 6.0.7.1-20.el4_8.1ImageMagick-6.0.7.1-20.el4_8.1.x86_64.rpm
CentOS4x86_64imagemagick-c++< 6.0.7.1-20.el4_8.1ImageMagick-c++-6.0.7.1-20.el4_8.1.x86_64.rpm
CentOS4x86_64imagemagick-c++-devel< 6.0.7.1-20.el4_8.1ImageMagick-c++-devel-6.0.7.1-20.el4_8.1.x86_64.rpm
CentOS4x86_64imagemagick-devel< 6.0.7.1-20.el4_8.1ImageMagick-devel-6.0.7.1-20.el4_8.1.x86_64.rpm
CentOS4x86_64imagemagick-perl< 6.0.7.1-20.el4_8.1ImageMagick-perl-6.0.7.1-20.el4_8.1.x86_64.rpm

Related

nessus 27
openvas 36
fedora 3
oraclelinux 3
prion 1
ubuntu 1
redhat 2
cvelist 1
ubuntucve 1
debiancve 1
securityvulns 2
veracode 1
centos 1
gentoo 2
cve 1
nvd 1
debian 2
osv 2
nessus
nessus
CentOS 4 : ImageMagick (CESA-2010:0653)
2010-08-26 00:00:00
ImageMagick < 6.5.2-9 magick/xwindow.c XMakeImage() Function TIFF File Handling Overflow
2009-05-29 00:00:00
Fedora 12 : GraphicsMagick-1.3.7-4.fc12 (2010-0036)
2010-07-01 00:00:00
openvas
openvas
CentOS Update for ImageMagick CESA-2010:0653 centos4 i386
2010-08-30 00:00:00
Mandrake Security Advisory MDVSA-2009:261 (graphicsmagick)
2009-10-13 00:00:00
SLES11: Security update for ImageMagick
2009-10-11 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: GraphicsMagick-1.3.7-4.fc12
2010-01-12 20:38:34
[SECURITY] Fedora 11 Update: ImageMagick-6.5.1.2-2.fc11
2010-01-07 21:51:05
[SECURITY] Fedora 11 Update: GraphicsMagick-1.3.7-4.fc11
2010-01-12 20:48:55
oraclelinux
oraclelinux
ImageMagick security and bug fix update
2010-08-25 00:00:00
ImageMagick security update
2010-08-25 00:00:00
ImageMagick security and bug fix update
2012-03-01 00:00:00
prion
prion
Integer overflow
2009-06-02 15:30:00
ubuntu
ubuntu
ImageMagick vulnerability
2009-06-08 00:00:00
redhat
redhat
(RHSA-2010:0653) Moderate: ImageMagick security update
2010-08-25 00:00:00
(RHSA-2010:0652) Moderate: ImageMagick security and bug fix update
2010-08-25 00:00:00
cvelist
cvelist
CVE-2009-1882
2009-06-02 15:00:00
ubuntucve
ubuntucve
CVE-2009-1882
2009-06-02 00:00:00
debiancve
debiancve
CVE-2009-1882
2009-06-02 15:30:00
securityvulns
securityvulns
[USN-784-1] ImageMagick vulnerability
2009-06-09 00:00:00
ImageMagick integer overflow
2009-06-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:47:34
centos
centos
ImageMagick security update
2010-08-25 17:23:04
gentoo
gentoo
ImageMagick: User-assisted execution of arbitrary code
2010-06-01 00:00:00
GraphicsMagick: Multiple vulnerabilities
2013-11-19 00:00:00
cve
cve
CVE-2009-1882
2009-06-02 15:30:00
nvd
nvd
CVE-2009-1882
2009-06-02 15:30:00
debian
debian
[SECURITY] [DSA 1858-1] New imagemagick packages fix several vulnerabilities
2009-08-10 17:05:37
[SECURITY] [DSA 1903-1] New graphicsmagick packages fix several vulnerabilities
2009-10-07 19:08:51
osv
osv
imagemagick - several vulnerabilities
2009-08-10 00:00:00
graphicsmagick - several
2009-10-07 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.055

Percentile

93.2%

JSON
Related for CESA-2010:0653
nessus27openvas36fedora3oraclelinux3prion1ubuntu1redhat2cvelist1ubuntucve1debiancve1securityvulns2veracode1centos1gentoo2cve1nvd1debian2osv2