Package: imagemagick
Severity: serious
Tags: security

Hi,

The following SA (Secunia Advisory) id was published for imagemagick:

SA35216[0]:
> DESCRIPTION:
> Tielei Wang has discovered a vulnerability in ImageMagick, which can
> be exploited by malicious people to potentially compromise a user's
> system.
>
> The vulnerability is caused due to an integer overflow error within
> the "XMakeImage()" function in magick/xwindow.c. This can be
> exploited to cause a buffer overflow via e.g. a specially crafted
> TIFF file.
>
> Successful exploitation may allow execution of arbitrary code.
>
> The vulnerability is confirmed in version 6.5.2-8. Prior versions may
> also be affected.
>
> SOLUTION:
> Update to version 6.5.2-9.
>
> PROVIDED AND/OR DISCOVERED BY:
> Tielei Wang, ICST-ERCIS (Engineering Research Center of Info
> Security, Institute of Computer Science and Technology, Peking
> University)
>
> ORIGINAL ADVISORY:
> ImageMagick:
> http://imagemagick.org/script/changelog.php

If you fix the vulnerability please also make sure to include the CVE id (if it becomes available) in the changelog entry.

[0] http://secunia.com/advisories/35216/
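
Added example, not part of the original report and not ImageMagick's code: the bug class the advisory describes (a buffer size derived from image dimensions overflows, so the allocation is smaller than the data later written into it), shown in C beside a checked allocation. All function names, the 32-bit width of the unchecked product and the 256 MiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* All names below are hypothetical; this is not code from magick/xwindow.c. */
#define MAX_PIXEL_BYTES ((size_t)256 * 1024 * 1024) /* assumed policy cap */

/* Unchecked form: the 32-bit product silently wraps modulo 2^32. */
static uint32_t unchecked_size(uint32_t bytes_per_line, uint32_t height)
{
    return bytes_per_line * height;
}

/* Checked form: 0 on success with the product in *out, -1 if either
 * dimension is zero or the product cannot be represented in size_t. */
static int checked_size(size_t bytes_per_line, size_t height, size_t *out)
{
    if (bytes_per_line == 0 || height == 0)
        return -1;
    if (bytes_per_line > SIZE_MAX / height)
        return -1;
    *out = bytes_per_line * height;
    return 0;
}

/* Allocate a zeroed pixel buffer only when the size is representable
 * and within the cap; otherwise refuse by returning NULL. */
static void *alloc_pixels(size_t bytes_per_line, size_t height, size_t *len)
{
    if (checked_size(bytes_per_line, height, len) != 0 || *len > MAX_PIXEL_BYTES)
        return NULL;
    return calloc(1, *len);
}

int main(void)
{
    /* Constructed dimensions: 65536 bytes per line, 65537 rows. */
    uint32_t bpl = 0x10000u, rows = 0x10001u;
    size_t len = 0;
    void *p;

    printf("unchecked 32-bit size: %u bytes\n", (unsigned)unchecked_size(bpl, rows));
    p = alloc_pixels(bpl, rows, &len);
    printf("checked allocation: %s\n", p ? "granted" : "refused");
    free(p);
    return 0;
}
```

With the constructed dimensions the unchecked product wraps to 65536 bytes although the rows together need more than 4 GiB, which is the mismatch that turns an integer overflow into a buffer overflow.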