Rapid7 Vulnerability & Exploit Database

RHSA-2010:0652: ImageMagick security and bug fix update


Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/02/2009
Created: 07/25/2018
Added: 08/30/2010
Modified: 07/04/2017

Description

ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the ImageMagick routine responsible for creating X11 images. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. (CVE-2009-1882)

This update also fixes the following bug:

Users of ImageMagick are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of ImageMagick must be restarted for this update to take effect.

Solution(s)

  • redhat-upgrade-imagemagick
  • redhat-upgrade-imagemagick-c
  • redhat-upgrade-imagemagick-c-devel
  • redhat-upgrade-imagemagick-devel
  • redhat-upgrade-imagemagick-perl
