From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200710-27.xml | 71 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 metadata/glsa/glsa-200710-27.xml (limited to 'metadata/glsa/glsa-200710-27.xml') diff --git a/metadata/glsa/glsa-200710-27.xml b/metadata/glsa/glsa-200710-27.xml new file mode 100644 index 000000000000..6f145e37fca5 --- /dev/null +++ b/metadata/glsa/glsa-200710-27.xml @@ -0,0 +1,71 @@ + + + + ImageMagick: Multiple vulnerabilities + + Multiple vulnerabilities have been discovered in ImageMagick, possibly + resulting in arbitrary code execution or a Denial of Service. + + imagemagick + 2007-10-24 + 2007-10-24: 01 + 186030 + remote + + + 6.3.5.10 + 6.3.5.10 + + + +

+ ImageMagick is a collection of tools and libraries for manipulating + various image formats. +

+ + +

+ regenrecht reported multiple infinite loops in functions ReadDCMImage() + and ReadXCFImage() (CVE-2007-4985), multiple integer overflows when + handling certain types of images (CVE-2007-4986, CVE-2007-4988), and an + off-by-one error in the ReadBlobString() function (CVE-2007-4987). +

+ + +

+ A remote attacker could entice a user to open a specially crafted + image, possibly resulting in the remote execution of arbitrary code + with the privileges of the user running the application, or an + excessive CPU consumption. Note that applications relying on + ImageMagick to process images can also trigger the vulnerability. +

+ + +

+ There is no known workaround at this time. +

+ + +

+ All ImageMagick users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.3.5.10" + + + CVE-2007-4985 + CVE-2007-4986 + CVE-2007-4987 + CVE-2007-4988 + + + rbu + + + p-y + + + keytoaster + + -- cgit v1.2.3