ImageMagick™ is an image display and manipulation tool for the X Window
System.
A buffer overflow flaw was discovered in the ImageMagick image handler.
An attacker could create a carefully crafted image file with an improper
EXIF information in such a way that it would cause ImageMagick to execute
arbitrary code when processing the image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0981 to
this issue.
David Eisenstein has reported that our previous fix for CAN-2004-0827, a
heap overflow flaw, was incomplete. An attacker could create a carefully
crafted BMP file in such a way that it could cause ImageMagick to execute
arbitrary code when processing the image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0827 to
this issue.
Users of ImageMagick should upgrade to these updated packages, which
contain a backported patch, and is not vulnerable to this issue.