Rapid7 Vulnerability & Exploit Database

RHSA-2012:0301: ImageMagick security and bug fix update

Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 11/22/2010
Created: 07/25/2018
Added: 02/21/2012
Modified: 07/04/2017

Description

ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.

It was found that ImageMagick utilities tried to load ImageMagick configuration files from the current working directory. If a user ran an ImageMagick utility in an attacker-controlled directory containing a specially-crafted ImageMagick configuration file, it could cause the utility to execute arbitrary code. (CVE-2010-4167)

This update also fixes the following bugs:

All users of ImageMagick are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of ImageMagick must be restarted for this update to take effect.
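
As an added illustration of the exposure described above (not code from Red Hat, Rapid7 or ImageMagick), the following shell functions check a working directory for files named like ImageMagick configuration files before a utility is run there. The file-name list and the function names are assumptions made for this example; the fix itself remains the package upgrade.

```bash
# Added example: pre-flight check for config files in the working directory.
# IM_CONFIG_NAMES is an ASSUMED list of ImageMagick configuration file names;
# adjust it to the files your installed version actually reads.
IM_CONFIG_NAMES="coder.xml colors.xml configure.xml delegates.xml locale.xml \
log.xml magic.xml mime.xml policy.xml thresholds.xml type.xml"

# Report every ImageMagick-style config file found directly in the given
# directory (default: current directory), with its mode and owner.
# Returns 1 if any were found, 0 if the directory is clean.
find_local_im_configs() {
    local dir="${1:-.}" name path found=0
    for name in $IM_CONFIG_NAMES; do
        path="$dir/$name"
        # -e follows symlinks; -L additionally catches dangling links.
        if [ -e "$path" ] || [ -L "$path" ]; then
            printf 'suspicious: %s (%s)\n' "$path" \
                "$(ls -ld -- "$path" | awk '{print $1, $3}')"
            found=1
        fi
    done
    return "$found"
}

# Run a command inside a directory only when that directory holds no
# local ImageMagick config file. Returns 2 when the run is refused.
safe_im_run() {
    local dir="$1"
    shift
    if ! find_local_im_configs "$dir" >&2; then
        echo "refusing to run '$1' in $dir: local ImageMagick config present" >&2
        return 2
    fi
    ( cd -- "$dir" && "$@" )
}
```

On a host that cannot be patched immediately, `safe_im_run /path/to/upload convert in.png out.jpg` would refuse to start `convert` when such a file is present in the directory.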

Solution(s)

  • redhat-upgrade-imagemagick
  • redhat-upgrade-imagemagick-c
  • redhat-upgrade-imagemagick-c-devel
  • redhat-upgrade-imagemagick-debuginfo
  • redhat-upgrade-imagemagick-devel
  • redhat-upgrade-imagemagick-perl
