CVE-2005-0397 | Vulnerability Database | Aqua Security

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.

Affected Software

Name	Vendor	Start Version	End Version
Imagemagick	Imagemagick	5.5	5.5
Imagemagick	Imagemagick	5.2	5.2
Imagemagick	Imagemagick	5.4	5.4
Imagemagick	Imagemagick	5.3	5.3

References

http://www.debian.org/security/2005/dsa-702
http://www.gentoo.org/security/en/glsa/glsa-200503-11.xml
http://bugs.gentoo.org/show_bug.cgi?id=83542
http://www.redhat.com/support/errata/RHSA-2005-320.html
http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html
http://www.redhat.com/support/errata/RHSA-2005-070.html
http://marc.info/?l=bugtraq\u0026m=110987256010857\u0026w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/19586
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10302

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-0397
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html