Category:   Application (Multimedia)  >   ImageMagick
Vendors:
ImageMagick May Execute Arbitrary Code in Malicious Image Files
SecurityTracker Alert ID:  1007194
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 14 2003
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network

Version(s): 5.4.3.x (except for the last version in that series) and prior versions
Description:   A vulnerability was reported in ImageMagick. A user can cause a target user's application to execute arbitrary code.

Angelo Rosiello and DTORS reported that a user can create a specially crafted image file so that when the target user attempts to view the file using ImageMagick, arbitrary code will be executed with the privileges of the target user.

Impact:   A user can create a file that, when viewed by ImageMagick, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

 Source Message Contents

Subject:  ImageMagick's Overflow

                       ImageMagick's Overflow

                    Rosiello Security's Advisory

The ImageMagick (display) is an image viewer.
ImageMagick is part of the KDE desktop and is
bundled with all major Linux distributions.

A vulnerability was found in this application that could lead to the
execution of arbitrary code with the privileges of the user running the 
This vulnerability can be exploited from within email clients that use 
as default for image viewing.
It is possible that a user could load the "malicious" file 
directly, exploiting himself. 

Class: Input validation error
Remotely Exploitable: No
Locally Exploitable: Yes but hardly
Exploitation can provide local attackers with user access to an affected 
The following shows how the "malicious" file can cause the crash of 
[root@localhost root]# ls -l /usr/X11R6/bin/display
-rwxr-xr-x 1 root root 30564 Mar 14 2002 /usr/X11R6/bin/display
[root@localhost root]# touch %x
[root@localhost root]# gdb display
(gdb) r
Starting program: /usr/X11R6/bin/display
[New Thread 1024 (LWP 757)]

At this point open the file "%x" via ImageMagick.
On the gdb prompt you will see the following:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 757)]
0x4003cf0b in SetExceptionInfo () from /usr/X11R6/lib/

All distributions supporting ImageMagick are affected.
Red Hat, Mandrake, Suse and maybe others.
Vulnerable Packages:
Up to 5.4.3.x, all versions are vulnerable but the last one.
Maintainers were informed and consented to this Advisory. 

This vulnerability was found by Angelo Rosiello.
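
Added example, not part of the advisory and not ImageMagick's code: the reproduction above uses a file named "%x", so this sketch assumes (the page lists the cause as not specified) that the file name reaches a printf-style call as the format argument, and shows that pattern beside the corrected one. error_record, record_error_unsafe, record_error_safe and name_has_conversion are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an error record; not ImageMagick's ExceptionInfo. */
typedef struct { char message[256]; } error_record;

/* BEFORE (assumed bug pattern): the file name is the format string, so every
 * '%' in it is parsed as a conversion. A name like "%x" makes snprintf fetch
 * an argument that was never passed, which is undefined behaviour. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static void record_error_unsafe(error_record *e, const char *filename)
{
    snprintf(e->message, sizeof e->message, filename);
}
#pragma GCC diagnostic pop

/* AFTER: constant format string; the file name is only ever data. */
static void record_error_safe(error_record *e, const char *filename)
{
    snprintf(e->message, sizeof e->message, "%s", filename);
}

/* Pre-screen: 1 if the name holds a '%' that is not part of a literal "%%". */
static int name_has_conversion(const char *name)
{
    const char *p = strchr(name, '%');
    while (p != NULL) {
        if (p[1] != '%')
            return 1;
        p = strchr(p + 2, '%');
    }
    return 0;
}

int main(void)
{
    error_record e;
    const char *benign = "100%%.png";   /* constructed name: only "%%", no argument fetched */
    record_error_unsafe(&e, benign);
    printf("unsafe: %s\n", e.message);  /* the name was rewritten by the formatter */
    record_error_safe(&e, benign);
    printf("safe:   %s\n", e.message);  /* the name is preserved byte for byte */
    record_error_safe(&e, "%x");
    printf("safe:   %s (conversion present: %d)\n", e.message, name_has_conversion("%x"));
    return 0;
}
```

Compilers flag the "before" call with -Wformat-security; the pragmas silence it here only so that both forms build side by side.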


