CVE-2005-0397 - Unspecified vulnerability in ImageMagick

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, imagemagick, nessus

Summary

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200503-11.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200503-11 (ImageMagick: Filename handling vulnerability) Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a flaw in the handling of filenames by the ImageMagick utilities. Impact : Successful exploitation may disrupt web applications that depend on ImageMagick for image processing, potentially executing arbitrary code. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17283
    published: 2005-03-07
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17283
    title: GLSA-200503-11 : ImageMagick: Filename handling vulnerability
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200503-11.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(17283);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:42");
    
      script_cve_id("CVE-2005-0397");
      script_xref(name:"GLSA", value:"200503-11");
    
      script_name(english:"GLSA-200503-11 : ImageMagick: Filename handling vulnerability");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200503-11
    (ImageMagick: Filename handling vulnerability)
    
        Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a
        flaw in the handling of filenames by the ImageMagick utilities.
      
    Impact :
    
        Successful exploitation may disrupt web applications that depend on
        ImageMagick for image processing, potentially executing arbitrary code.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200503-11"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All ImageMagick users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=media-gfx/imagemagick-6.2.0.4'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:imagemagick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/03/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/07");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"media-gfx/imagemagick", unaffected:make_list("ge 6.2.0.4"), vulnerable:make_list("lt 6.2.0.4"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-235.NASL
    description: Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0005 to this issue. A format string bug was found in the way ImageMagick handles filenames. An attacker could execute arbitrary code on a victim's machine if they are able to trick the victim into opening a file with a specially crafted name. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0397 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19628
    published: 2005-09-12
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/19628
    title: Fedora Core 3 : ImageMagick-6.2.0.7-2.fc3 (2005-235)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2006-024.NASL
    description: The delegate code in ImageMagick 6.2.4.x allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. (CVE-2005-4601) A format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3, and other versions, allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. (CVE-2006-0082) The updated packages have been patched to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20818
    published: 2006-01-29
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20818
    title: Mandrake Linux Security Advisory : ImageMagick (MDKSA-2006:024)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-234.NASL
    description: Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0005 to this issue. A format string bug was found in the way ImageMagick handles filenames. An attacker could execute arbitrary code on a victim's machine if they are able to trick the victim into opening a file with a specially crafted name. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0397 to this issue. A bug was found in the way ImageMagick handles TIFF tags. It is possible that a TIFF image file with an invalid tag could cause ImageMagick to crash. A bug was found in ImageMagick
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18316
    published: 2005-05-19
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18316
    title: Fedora Core 2 : ImageMagick-6.2.0.7-2.fc2 (2005-234)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_713C39138C2B11D9B58C0001020EED82.NASL
    description: Tavis Ormandy reports : imagemagick-6.2.0-3 fixes a potential issue handling malformed filenames, the flaw may affect webapps or scripts that use the imagemagick utilities for image processing, or applications linked with libMagick. This vulnerability could crash ImageMagick or potentially lead to the execution of arbitrary code with the permissions of the user running ImageMagick.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18980
    published: 2005-07-13
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/18980
    title: FreeBSD : ImageMagick -- format string vulnerability (713c3913-8c2b-11d9-b58c-0001020eed82)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-702.NASL
    description: Several vulnerabilities have been discovered in ImageMagick, a commonly used image manipulation library. These problems can be exploited by a carefully crafted graphic image. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-0397 Tavis Ormandy discovered a format string vulnerability in the filename handling code which allows a remote attacker to cause a denial of service and possibly execute arbitrary code. - CAN-2005-0759 Andrei Nigmatulin discovered a denial of service condition which can be caused by an invalid tag in a TIFF image. - CAN-2005-0760 Andrei Nigmatulin discovered that the TIFF decoder is vulnerable to accessing memory out of bounds which will result in a segmentation fault. - CAN-2005-0762 Andrei Nigmatulin discovered a buffer overflow in the SGI parser which allows a remote attacker to execute arbitrary code via a specially crafted SGI image file.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17673
    published: 2005-04-02
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17673
    title: Debian DSA-702-1 : imagemagick - several vulnerabilities
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-070.NASL
    description: Updated ImageMagick packages that fix a heap based buffer overflow are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System. Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0005 to this issue. A format string bug was found in the way ImageMagick handles filenames. An attacker could execute arbitrary code on a victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17621
    published: 2005-03-25
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/17621
    title: RHEL 2.1 / 3 : ImageMagick (RHSA-2005:070)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-320.NASL
    description: Updated ImageMagick packages that fix a format string bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System which can read and write multiple image formats. A format string bug was found in the way ImageMagick handles filenames. An attacker could execute arbitrary code on a victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17623
    published: 2005-03-25
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/17623
    title: RHEL 4 : ImageMagick (RHSA-2005:320)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2005_017.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2005:017 (ImageMagick). This update fixes several security issues in the ImageMagick program suite: - A format string vulnerability was found in the display program which could lead to a remote attacker being able to execute code as the user running display by providing handcrafted filenames of images. This is tracked by the Mitre CVE ID CVE-2005-0397. Andrei Nigmatulin reported 4 problems in older versions of ImageMagick: - A bug was found in the way ImageMagick handles TIFF tags. It is possible that a TIFF image file with an invalid tag could cause ImageMagick to crash. This is tracked by the Mitre CVE ID CVE-2005-0759. Only ImageMagick versions before version 6 are affected. - A bug was found in ImageMagick
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17606
    published: 2005-03-24
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17606
    title: SUSE-SA:2005:017: ImageMagick
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-90-1.NASL
    description: Tavis Ormandy discovered a format string vulnerability in ImageMagick
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20716
    published: 2006-01-15
    reporter: Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20716
    title: Ubuntu 4.10 : imagemagick vulnerability (USN-90-1)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2005-065.NASL
    description: A format string vulnerability was discovered in ImageMagick, in the way it handles filenames. An attacker could execute arbitrary code on a victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17677
    published: 2005-04-02
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17677
    title: Mandrake Linux Security Advisory : ImageMagick (MDKSA-2005:065)

Oval

accepted: 2013-04-29T04:04:25.904-04:00
class: vulnerability
contributors:
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions:
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
description: Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.
family: unix
id: oval:org.mitre.oval:def:10302
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.
version: 26

Redhat

advisories:
  • rhsa id: RHSA-2005:070
  • rhsa id: RHSA-2005:320
rpms:
  • ImageMagick-0:5.5.6-13
  • ImageMagick-c++-0:5.5.6-13
  • ImageMagick-c++-devel-0:5.5.6-13
  • ImageMagick-debuginfo-0:5.5.6-13
  • ImageMagick-devel-0:5.5.6-13
  • ImageMagick-perl-0:5.5.6-13
  • ImageMagick-0:6.0.7.1-10
  • ImageMagick-c++-0:6.0.7.1-10
  • ImageMagick-c++-devel-0:6.0.7.1-10
  • ImageMagick-debuginfo-0:6.0.7.1-10
  • ImageMagick-devel-0:6.0.7.1-10
  • ImageMagick-perl-0:6.0.7.1-10