SecurityTracker.com

Category:   Application (Multimedia)  >   ImageMagick
Vendors:   ImageMagick.org
ImageMagick Format String Flaw in Processing Filenames May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1013551
SecurityTracker URL:  http://securitytracker.com/id/1013551
CVE Reference:   CVE-2005-0397
Date:  Mar 24 2005
Impact:   Execution of arbitrary code via network, User access via network

Version(s): 6.2.0 and prior versions
Description:   A format string vulnerability was reported in ImageMagick. A remote user may be able to cause arbitrary code to be executed on the target system.

The software processes file names without properly applying a format string specifier. A remote user can create a specially crafted filename containing format string characters. When the file is processed by the target user, arbitrary code may be executed on the target user's system.
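
The bug class described above, shown as an added illustration that is not ImageMagick source and not part of the original advisory: a file name used as the format string beside the corrected call that binds it to "%s". The names emit, report_flawed and report_fixed and the sample file name are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style sink standing in for any message or log
 * routine. Illustration only, not ImageMagick code. */
static int emit(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Flawed pattern: the caller-supplied file name IS the format string, so
 * any conversion specifier inside it is interpreted and consumes arguments
 * that were never passed (undefined behaviour). Well defined only for
 * names that contain no '%'. */
int report_flawed(char *out, size_t len, const char *filename)
{
    return emit(out, len, filename);
}

/* Corrected pattern: the format string is a constant and the file name is
 * data bound to "%s", so it is copied byte for byte whatever it contains. */
int report_fixed(char *out, size_t len, const char *filename)
{
    return emit(out, len, "%s", filename);
}

int main(void)
{
    /* Constructed sample name containing specifier characters. */
    const char *name = "scan_%x_%s.png";
    char buf[64];

    report_fixed(buf, sizeof buf, name);
    printf("fixed: %s\n", buf); /* the name appears unchanged */
    return 0;
}
```

Declaring such a wrapper with the GCC/Clang format(printf, ...) function attribute and building with -Wformat -Wformat-security lets the compiler flag call sites of the flawed kind.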

Tavis Ormandy discovered the vulnerability.

Impact:   A remote user can cause arbitrary code to be executed on the target user's system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.imagemagick.org/
Cause:   Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

