ImageMagick May Execute Arbitrary Code in Malicious Image Files
SecurityTracker Alert ID: 1007194|
SecurityTracker URL: http://securitytracker.com/id/1007194
(Links to External Site)
Date: Jul 14 2003
Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network|
Version(s): 5.4.3.x (except for the last version in that series) and prior versions|
A vulnerability was reported in ImageMagick. A user can cause a target user's application to execute arbitrary code.|
Angelo Rosiello and DTORS reported that a user can create a specially crafted image file so that when the target user attempts to view the file using ImageMagick, arbitrary code will be executed with the privileges of the target user.
A user can create a file that, when viewed by ImageMagick, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.|
No solution was available at the time of this entry.|
Vendor URL: www.imagemagick.org/ (Links to External Site)
|Underlying OS: Linux (Any), UNIX (Any)|
Source Message Contents
Subject: ImageMagick's Overflow|
Rosiello Security's Advisory
The ImageMagick (display) is an image viewer.
ImageMagick is part of the KDE desktop and is
bundled with all major Linux distributions.
A vulnerability was found in this application that could lead to the
execution of arbitrary code with the privileges of the user running the
This vulnerability can be exploited from within email clients that use
as default for image viewing.
It is possible that an user could load the "malicious" file
directly,exploiting him self.
Class: Input validation error
Remotely Exploitable: No
Locally Exploitable: Yes but hardly
Exploitation can provide local attackers with user access to an affected
The following shows how the "malicious" file can cause the crash of
[root@localhost root]# ls -l /usr/X11R6/bin/display
-rwxr-xr-x 1 root root 30564 Mar 14 2002 /usr/X11R6/bin/display
[root@localhost root]# touch %x
[root@localhost root]# gdb display
Starting program: /usr/X11R6/bin/display
[New Thread 1024 (LWP 757)]
At this point open the file "%x" via ImageMagick.
On the gdb prompt you will see the following:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 757)]
0x4003cf0b in SetExceptionInfo () from /usr/X11R6/lib/libMagick.so.5
All distributions supporting ImageMagick are affected.
Red Hat, Mandrake, Suse and maybe others.
Up to 5.4.3.x, all versions are vulnerable but the last one.
Mainteiners were informed and consented about this Advisory.
This vulnerability was found by Angelo Rosiello.