CVE Vulnerabilities

CVE-2005-0397

Published: May 02, 2005 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.

Affected Software

Name Vendor Start Version End Version
Imagemagick Imagemagick 5.2 (including) 5.2 (including)
Imagemagick Imagemagick 5.3 (including) 5.3 (including)
Imagemagick Imagemagick 5.4 (including) 5.4 (including)
Imagemagick Imagemagick 5.5 (including) 5.5 (including)
Red Hat Enterprise Linux 3 RedHat ImageMagick-0:5.5.6-13 *
Red Hat Enterprise Linux 4 RedHat ImageMagick-0:6.0.7.1-10 *
Graphicsmagick Ubuntu devel *
Graphicsmagick Ubuntu edgy *
Graphicsmagick Ubuntu feisty *
Imagemagick Ubuntu dapper *
Imagemagick Ubuntu devel *
Imagemagick Ubuntu edgy *
Imagemagick Ubuntu feisty *

References