Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Graphicsmagick | Graphicsmagick | * | * |
| Imagemagick | Imagemagick | 6.3.3.4 (including) | 6.3.3.4 (including) |
| Graphicsmagick | Ubuntu | devel | * |
| Graphicsmagick | Ubuntu | edgy | * |
| Graphicsmagick | Ubuntu | feisty | * |
| Graphicsmagick | Ubuntu | gutsy | * |
| Imagemagick | Ubuntu | dapper | * |
| Imagemagick | Ubuntu | devel | * |
| Imagemagick | Ubuntu | edgy | * |
| Imagemagick | Ubuntu | feisty | * |
| Imagemagick | Ubuntu | gutsy | * |
References
- http://secunia.com/advisories/24167
- http://secunia.com/advisories/24196
- http://www.debian.org/security/2007/dsa-1260
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:041
- http://www.novell.com/linux/security/advisories/2007_3_sr.html
- http://www.osvdb.org/31911
- http://www.securityfocus.com/archive/1/459507/100/0/threaded
- http://www.ubuntu.com/usn/usn-422-1
- https://issues.rpath.com/browse/RPL-1034
- http://secunia.com/advisories/24167
- http://secunia.com/advisories/24196
- http://www.debian.org/security/2007/dsa-1260
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:041
- http://www.novell.com/linux/security/advisories/2007_3_sr.html
- http://www.osvdb.org/31911
- http://www.securityfocus.com/archive/1/459507/100/0/threaded
- http://www.ubuntu.com/usn/usn-422-1
- https://issues.rpath.com/browse/RPL-1034