iDefense Security Advisory 09.19.07 - Remote exploitation of multiple integer overflow vulnerabilities in ImageMagick, as included in various vendors' operating system distributions, allows attackers to crash applications using the ImageMagick library, and in some cases, execute arbitrary code. Several integer overflow vulnerabilities have been identified in ImageMagick's handling of various file formats. By creating a specially crafted DCM, DIB, XBM, XCF, or XWD image file, an attacker can cause a heap buffer of insufficient size to be allocated. This results in a heap-based buffer overflow. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.
5b1330bd7f39749529500cc92bdb0c3b934975d17ff694e3d5b0edf375532508
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed