CVE-2009-1882
Published: 2 June 2009
Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.
Notes
Author | Note |
---|---|
jdstrand | patch is from svn commit r513 in trunk (but has extra stuff that is unrelated) |
Priority
Status
Package | Release | Status |
---|---|---|
graphicsmagick Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Released
(1.1.11-3.2+lenny1build0.9.04.1)
|
|
karmic |
Not vulnerable
(1.3.5-5.1)
|
|
lucid |
Not vulnerable
(1.3.5-5.1)
|
|
maverick |
Not vulnerable
(1.3.5-5.1)
|
|
natty |
Not vulnerable
(1.3.5-5.1)
|
|
oneiric |
Not vulnerable
(1.3.5-5.1)
|
|
upstream |
Released
(1.3.5-5.1)
|
|
imagemagick Launchpad, Ubuntu, Debian |
dapper |
Released
(6:6.2.4.5-0.6ubuntu0.9)
|
hardy |
Released
(7:6.3.7.9.dfsg1-2ubuntu1.1)
|
|
intrepid |
Released
(7:6.3.7.9.dfsg1-2ubuntu3.1)
|
|
jaunty |
Released
(7:6.4.5.4.dfsg1-1ubuntu3.1)
|
|
karmic |
Released
(7:6.4.5.4.dfsg1-1ubuntu4)
|
|
lucid |
Released
(7:6.4.5.4.dfsg1-1ubuntu4)
|
|
maverick |
Released
(7:6.4.5.4.dfsg1-1ubuntu4)
|
|
natty |
Released
(7:6.4.5.4.dfsg1-1ubuntu4)
|
|
oneiric |
Released
(7:6.4.5.4.dfsg1-1ubuntu4)
|
|
upstream |
Needs triage
|