Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Imagemagick | Imagemagick | 5.2 (including) | 5.2 (including) |
Imagemagick | Imagemagick | 5.3 (including) | 5.3 (including) |
Imagemagick | Imagemagick | 5.4 (including) | 5.4 (including) |
Imagemagick | Imagemagick | 5.5 (including) | 5.5 (including) |
Red Hat Enterprise Linux 3 | RedHat | ImageMagick-0:5.5.6-13 | * |
Red Hat Enterprise Linux 4 | RedHat | ImageMagick-0:6.0.7.1-10 | * |
Graphicsmagick | Ubuntu | devel | * |
Graphicsmagick | Ubuntu | edgy | * |
Graphicsmagick | Ubuntu | feisty | * |
Imagemagick | Ubuntu | dapper | * |
Imagemagick | Ubuntu | devel | * |
Imagemagick | Ubuntu | edgy | * |
Imagemagick | Ubuntu | feisty | * |