Vulnerabilities > CVE-2007-4986 - Numeric Errors vulnerability in Imagemagick

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
imagemagick
CWE-189
nessus

Summary

Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow.

Vulnerable Configurations

Part Description Count
Application
Imagemagick
57

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0145.NASL
    descriptionUpdated ImageMagick packages that correct several security issues are now available for Red Hat Enterprise Linux versions 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several heap-based buffer overflow flaws were found in ImageMagick. If a victim opened a specially crafted DCM or XWD file, an attacker could potentially execute arbitrary code on the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id31995
    published2008-04-22
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31995
    titleCentOS 3 / 4 / 5 : ImageMagick (CESA-2008:0145)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1903.NASL
    descriptionSeveral vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd.c for GraphicsMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch). - CVE-2007-1797 Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch). - CVE-2007-4985 A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch). - CVE-2007-4986 Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch). - CVE-2007-4988 A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch). - CVE-2008-1096 The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only oldstable (etch). - CVE-2008-3134 Multiple vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via vectors in the AVI, AVS, DCM, EPT, FITS, MTV, PALM, RLA, and TGA decoder readers; and the GetImageCharacteristics function in magick/image.c, as reachable from a crafted PNG, JPEG, BMP, or TIFF file. - CVE-2008-6070 Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image. - CVE-2008-6071 Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. - CVE-2008-6072 Multiple vulnerabilities in GraphicsMagick allow remote attackers to cause a denial of service (crash) via vectors in XCF and CINEON images. - CVE-2008-6621 Vulnerability in GraphicsMagick allows remote attackers to cause a denial of service (crash) via vectors in DPX images. - CVE-2009-1882 Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
    last seen2020-06-01
    modified2020-06-02
    plugin id44768
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44768
    titleDebian DSA-1903-1 : graphicsmagick - several vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-035.NASL
    descriptionMultiple vulnerabilities were discovered in the image decoders of ImageMagick. If a user or automated system were tricked into processing malicious DCM, DIB, XBM, XCF, or XWD images, a remote attacker could execute arbitrary code with user privileges. The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37331
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37331
    titleMandriva Linux Security Advisory : ImageMagick (MDVSA-2008:035)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-523-1.NASL
    descriptionMultiple vulnerabilities were found in the image decoders of ImageMagick. If a user or automated system were tricked into processing a malicious DCM, DIB, XBM, XCF, or XWD image, a remote attacker could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28128
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28128
    titleUbuntu 6.06 LTS / 6.10 / 7.04 : imagemagick vulnerabilities (USN-523-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0165.NASL
    descriptionUpdated ImageMagick packages that correct several security issues are now available for Red Hat Enterprise Linux version 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several heap-based buffer overflow flaws were found in ImageMagick. If a victim opened a specially crafted DCM or XWD file, an attacker could potentially execute arbitrary code on the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id31985
    published2008-04-18
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31985
    titleRHEL 2.1 : ImageMagick (RHSA-2008:0165)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0145.NASL
    descriptionFrom Red Hat Security Advisory 2008:0145 : Updated ImageMagick packages that correct several security issues are now available for Red Hat Enterprise Linux versions 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several heap-based buffer overflow flaws were found in ImageMagick. If a victim opened a specially crafted DCM or XWD file, an attacker could potentially execute arbitrary code on the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id67656
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67656
    titleOracle Linux 3 / 4 / 5 : ImageMagick (ELSA-2008-0145)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_IMAGEMAGICK-4541.NASL
    descriptionThis update of ImageMagick fixes several vulnerabilities. - infinite loop while parsing images. (CVE-2007-4985) - integer overflows that can lead to code execution. (CVE-2007-4986) - one-byte buffer overflow that can lead to code execution (SLES8- and SLES9-based products are not affected). (CVE-2007-4987) - integer overflows that can lead to code execution. (CVE-2007-4988)
    last seen2020-06-01
    modified2020-06-02
    plugin id29353
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29353
    titleSuSE 10 Security Update : ImageMagick (ZYPP Patch Number 4541)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080416_IMAGEMAGICK_ON_SL3_X.NASL
    descriptionSeveral heap-based buffer overflow flaws were found in ImageMagick. If a victim opened a specially crafted DCM or XWD file, an attacker could potentially execute arbitrary code on the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id60382
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60382
    titleScientific Linux Security Update : ImageMagick on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200710-27.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200710-27 (ImageMagick: Multiple vulnerabilities) regenrecht reported multiple infinite loops in functions ReadDCMImage() and ReadXCFImage() (CVE-2007-4985), multiple integer overflows when handling certain types of images (CVE-2007-4986, CVE-2007-4988), and an off-by-one error in the ReadBlobString() function (CVE-2007-4987). Impact : A remote attacker could entice a user to open a specially crafted image, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or an excessive CPU consumption. Note that applications relying on ImageMagick to process images can also trigger the vulnerability. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id27559
    published2007-10-25
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27559
    titleGLSA-200710-27 : ImageMagick: Multiple vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1858.NASL
    descriptionSeveral vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch). - CVE-2007-1797 Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch). - CVE-2007-4985 A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch). - CVE-2007-4986 Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch). - CVE-2007-4987 Off-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a
    last seen2020-06-01
    modified2020-06-02
    plugin id44723
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44723
    titleDebian DSA-1858-1 : imagemagick - multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_IMAGEMAGICK-4543.NASL
    descriptionThis update of ImageMagick fixes several vulnerabilities. - CVE-2007-4985: infinite loop while parsing images - CVE-2007-4986: integer overflows that can lead to code execution - CVE-2007-4987: one-byte buffer overflow that can lead to code execution (SLES8- and SLES9-based products are not affected) - CVE-2007-4988: integer overflows that can lead to code execution
    last seen2020-06-01
    modified2020-06-02
    plugin id27604
    published2007-11-01
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27604
    titleopenSUSE 10 Security Update : ImageMagick (ImageMagick-4543)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0145.NASL
    descriptionUpdated ImageMagick packages that correct several security issues are now available for Red Hat Enterprise Linux versions 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several heap-based buffer overflow flaws were found in ImageMagick. If a victim opened a specially crafted DCM or XWD file, an attacker could potentially execute arbitrary code on the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id31984
    published2008-04-18
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31984
    titleRHEL 3 / 4 / 5 : ImageMagick (RHSA-2008:0145)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_F5B29EC071F911DC8C6A00304881AC9A.NASL
    descriptionMultiple vulnerabilities have been discovered in ImageMagick. ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls. Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow. Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a
    last seen2020-06-01
    modified2020-06-02
    plugin id26978
    published2007-10-12
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/26978
    titleFreeBSD : ImageMagick -- multiple vulnerabilities (f5b29ec0-71f9-11dc-8c6a-00304881ac9a)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GRAPHICSMAGICK-4539.NASL
    descriptionThis update of GraphicsMagick fixes several vulnerabilities. - CVE-2007-4985: infinite loop while parsing images - CVE-2007-4986: integer overflows that can lead to code execution - CVE-2007-4987: one-byte buffer overflow that can lead to code execution - CVE-2007-4988: integer overflows that can lead to code execution
    last seen2020-06-01
    modified2020-06-02
    plugin id27603
    published2007-11-01
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27603
    titleopenSUSE 10 Security Update : GraphicsMagick (GraphicsMagick-4539)

Oval

accepted2013-04-29T04:23:41.345-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionMultiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow.
familyunix
idoval:org.mitre.oval:def:9963
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMultiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow.
version27

Redhat

advisories
  • rhsa
    idRHSA-2008:0145
  • rhsa
    idRHSA-2008:0165
rpms
  • ImageMagick-0:5.5.6-28
  • ImageMagick-0:6.0.7.1-17.el4_6.1
  • ImageMagick-0:6.2.8.0-4.el5_1.1
  • ImageMagick-c++-0:5.5.6-28
  • ImageMagick-c++-0:6.0.7.1-17.el4_6.1
  • ImageMagick-c++-0:6.2.8.0-4.el5_1.1
  • ImageMagick-c++-devel-0:5.5.6-28
  • ImageMagick-c++-devel-0:6.0.7.1-17.el4_6.1
  • ImageMagick-c++-devel-0:6.2.8.0-4.el5_1.1
  • ImageMagick-debuginfo-0:5.5.6-28
  • ImageMagick-debuginfo-0:6.0.7.1-17.el4_6.1
  • ImageMagick-debuginfo-0:6.2.8.0-4.el5_1.1
  • ImageMagick-devel-0:5.5.6-28
  • ImageMagick-devel-0:6.0.7.1-17.el4_6.1
  • ImageMagick-devel-0:6.2.8.0-4.el5_1.1
  • ImageMagick-perl-0:5.5.6-28
  • ImageMagick-perl-0:6.0.7.1-17.el4_6.1
  • ImageMagick-perl-0:6.2.8.0-4.el5_1.1
  • ImageMagick-0:5.3.8-21
  • ImageMagick-c++-0:5.3.8-21
  • ImageMagick-c++-devel-0:5.3.8-21
  • ImageMagick-devel-0:5.3.8-21
  • ImageMagick-perl-0:5.3.8-21