Mandriva Update For ImageMagick MDVSA-2008:099 (ImageMagick) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A heap-based buffer overflow vulnerability was found in how ImageMagick parsed XCF files. If ImageMagick opened a specially-crafted XCF file, it could be made to overwrite heap memory beyond the bounds of its allocated memory, potentially allowing an attacker to execute arbitrary code on the system running ImageMagick (CVE-2008-1096). Another heap-based buffer overflow vulnerability was found in how ImageMagick processed certain malformed PCX images. If ImageMagick opened a specially-crafted PCX image file, an attacker could possibly execute arbitrary code on the system running ImageMagick (CVE-2008-1097). The updated packages have been patched to correct these issues.

Affected

ImageMagick on Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64

Severity

Classification

CVE CVE-2008-1096, CVE-2008-1097

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:108 (zsh)
Mandrake Security Advisory MDVSA-2009:027 (cups)
Mandrake Security Advisory MDVSA-2009:017 (kdebase)
Mandrake Security Advisory MDVSA-2009:139 (libtorrent-rasterbar)
Mandrake Security Advisory MDVSA-2009:048-1 (epiphany)

Mandriva Update for ImageMagick MDVSA-2008:099 (ImageMagick)

Take action and discover your vulnerabilities