ImageMagick SetImageInfo() Format String Bug May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1015623
SecurityTracker URL: http://securitytracker.com/id?1015623
CVE Reference: CVE-2006-0082
Date: Feb 14 2006
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Description: A vulnerability was reported in ImageMagick. A remote user may be able to cause arbitrary code to be executed on the target user's system.
The SetImageInfo() function in 'image.c' contains a format string vulnerability. A remote user can create a specially named file
that contains format string characters. When the file is processed (using the convert program, for example), arbitrary code may
be executed with the privileges of the user running ImageMagick.
Daniel Kobras discovered this vulnerability.
Impact: A remote user can create a specially named file that, when processed by ImageMagick, may execute arbitrary code with the privileges of the target user.
Solution: No upstream solution was available at the time of this entry.
Vendor URL: www.imagemagick.org/
Cause: Input validation error, State error
Underlying OS: Linux (Any), UNIX (Any)
Source Message Contents
Date: Tue, 14 Feb 2006 12:10:06 -0500
Subject: ImageMagick SetImageInfo() format string vulnerability
CVE-2006-0082
CVE reported:
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick
6.2.3, and other versions, allows user-complicit attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a numeric format string specifier such
as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the
convert program.
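The bug class described above, a file name reaching a printf-style function as the format, can be closed by vetting the name before it is used as a template. The following is an added example, not ImageMagick's code or its patch: the function names are hypothetical, the sample names are constructed, and it assumes the only legitimate directive in a file name is a single %d-style scene number.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not ImageMagick code). Classify a file name that may
 * double as a scene-number template:
 *   1 = exactly one %d conversion (optional width of up to 3 digits)
 *   0 = no conversions ("%%" is a literal percent), -1 = anything else */
static int classify_template(const char *name)
{
    int directives = 0;
    for (const char *p = name; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                       /* escaped percent */
        for (int w = 0; w < 3 && *p >= '0' && *p <= '9'; w++)
            p++;                            /* optional zero-pad / width */
        if (*p != 'd')
            return -1;                      /* also catches end of string */
        if (++directives > 1)
            return -1;                      /* more conversions than arguments */
    }
    return directives;
}

/* Build the output name for `scene`. The name is passed to snprintf() as a
 * format only after vetting. Returns 0 on success, -1 if it does not fit. */
static int expand_scene_name(char *out, size_t outlen, const char *name, int scene)
{
    if (classify_template(name) != 1) {
        if (strlen(name) >= outlen)
            return -1;
        strcpy(out, name);                  /* copied as data, never parsed */
        return 0;
    }
    int n = snprintf(out, outlen, name, scene);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void)
{
    char out[64];                           /* constructed sample names */
    if (expand_scene_name(out, sizeof out, "frame-%03d.png", 7) == 0) puts(out);
    if (expand_scene_name(out, sizeof out, "x%s%s.png", 7) == 0) puts(out);
    return 0;
}
```

Building with `-Wformat -Wformat-security` flags the related mistake of passing a non-literal string as a format with no arguments at all.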