Veracode Vulnerability Database: VERACODE:23236
History: Apr 10, 2020 - 12:20 a.m.

Arbitrary Code Execution

2020-04-10 00:20:13
sca.analysiscenter.veracode.com

EPSS: 0.043 (Percentile: 92.5%)

ImageMagick is vulnerable to arbitrary code execution. The vulnerability is a heap-based buffer overflow in the way ImageMagick parses XCF files. If a specially crafted XCF image is opened, ImageMagick can be made to overwrite heap memory beyond the bounds of its allocated memory. This could potentially allow an attacker to execute arbitrary code on the machine running ImageMagick.