---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications. Request your account, the Secunia Network Software Inspector (NSI): http://secunia.com/network_software_inspector/ ---------------------------------------------------------------------- TITLE: ImageMagick Multiple Vulnerabilities SECUNIA ADVISORY ID: SA26926 VERIFY ADVISORY: http://secunia.com/advisories/26926/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: ImageMagick 6.x http://secunia.com/product/3763/ ImageMagick 5.x http://secunia.com/product/1791/ DESCRIPTION: Some vulnerabilities have been reported in ImageMagick, which can be exploited by malicious people to conduct DoS (Denial of Service) attacks or compromise a user's system. 1) Some integer overflow errors exist within the "AllocateImageColormap()", "ReadDCMImage()", "ReadDIBImage()", and "ReadXBMImage()" functions when processing image files. These can be exploited to cause heap-based buffer overflows via specially crafted image files. 2) An off-by-one error exists within the "ReadBlobString()" function in magick/blob.c when processing image files. This can be exploited to cause a one-byte buffer overflow via a specially crafted image file. 3) A sign extension error exists within the "ReadDIBImage()" function when processing image files. This can be exploited to cause a heap-based buffer overflow when processing specially crafted DIB files. Successful exploitation of the vulnerabilities allows execution of arbitrary code. 4) Some errors within the "ReadDCMImage()" and "ReadXCFImage()" functions can be exploited to cause the execution of infinite loops via specially crafted DCM or XCF files. The vulnerabilities are reported in versions prior to 6.3.5-9. SOLUTION: Update to version 6.3.5-9. http://www.imagemagick.org/script/download.php PROVIDED AND/OR DISCOVERED BY: Discovered by regenrecht and reported via iDefense. ORIGINAL ADVISORY: ImageMagick: http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html http://www.imagemagick.org/script/changelog.php iDefense: 1) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=594 2) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=595 3) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=597 4) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=596 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------