CVE-2004-0827

Published: 16/09/2004 Updated: 11/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple buffer overflows in the ImageMagick graphics library 5.x prior to 5.4.4, and 6.x prior to 6.0.6.2, allow remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.

Vulnerable Product

enlightenment imlib 1.9.11

enlightenment imlib 1.9.12

enlightenment imlib 1.9.6

enlightenment imlib 1.9.7

enlightenment imlib2 1.0.4

enlightenment imlib2 1.0.5

enlightenment imlib2 1.1

imagemagick imagemagick 5.4.8.2.1.1.0

imagemagick imagemagick 5.5.3.2.1.2.0

conectiva linux 9.0

enlightenment imlib 1.9.1

enlightenment imlib 1.9.10

enlightenment imlib 1.9.4

enlightenment imlib 1.9.5

enlightenment imlib2 1.0.2

enlightenment imlib2 1.0.3

imagemagick imagemagick 5.4.7

imagemagick imagemagick 5.4.8

sun java desktop system 2003

conectiva linux 10.0

enlightenment imlib 1.9.13

enlightenment imlib 1.9.14

enlightenment imlib 1.9.8

enlightenment imlib 1.9.9

enlightenment imlib2 1.1.1

imagemagick imagemagick 5.3.3

imagemagick imagemagick 5.5.6.0_2003-04-09

imagemagick imagemagick 5.5.7

enlightenment imlib 1.9

enlightenment imlib 1.9.2

enlightenment imlib 1.9.3

enlightenment imlib2 1.0

enlightenment imlib2 1.0.1

imagemagick imagemagick 5.4.3

imagemagick imagemagick 5.4.4.5

imagemagick imagemagick 6.0.2

sun java desktop system 2.0

redhat enterprise linux 2.1

redhat enterprise linux desktop 3.0

redhat fedora core core_1.0

suse suse linux 8.1

suse suse linux 8.2

turbolinux turbolinux workstation_7.0

turbolinux turbolinux workstation_8.0

mandrakesoft mandrake linux corporate server 2.1

redhat enterprise linux 3.0

suse suse linux 8.0

turbolinux turbolinux server_7.0

turbolinux turbolinux server_8.0

mandrakesoft mandrake linux 10.0

redhat fedora core core_2.0

redhat fedora core core_3.0

suse suse linux 9.0

ubuntu ubuntu linux 4.1

mandrakesoft mandrake linux 9.2

redhat linux advanced workstation 2.1

suse suse linux 9.1

suse suse linux 9.2

turbolinux turbolinux desktop_10.0

Vendor Advisories

Markus Meissner discovered several potential buffer overflows in some image decoding functions of ImageMagick. Decoding a malicious BMP or DIB image or AVI video might result in execution of arbitrary code with the user’s privileges ...
Marcus Meissner from SUSE has discovered several buffer overflows in the ImageMagick graphics library. An attacker could create a malicious image or video file in AVI, BMP, or DIB format that could crash the reading process. It might be possible that carefully crafted images could also allow to execute arbitrary code with the capabilities of the in ...
Synopsis: ImageMagick security update. Type/Severity: Security Advisory: Important. Topic: Updated ImageMagick packages that fix various security vulnerabilities are now available. Description: ImageMagick(TM) is an image display and manipulation tool for the X Window System. A heap overflow flaw wa ...
Synopsis: ImageMagick security update. Type/Severity: Security Advisory: Important. Topic: Updated ImageMagick packages that fixes a buffer overflow are now available. Description: ImageMagick(TM) is an image display and manipulation tool for the X Window System. A buffer overflow flaw was discover ...
Synopsis: ImageMagick security update. Type/Severity: Security Advisory: Important. Topic: Updated ImageMagick packages that fix a BMP loader vulnerability are now available. Description: ImageMagick(TM) is an image display and manipulation tool for the X Window System. A heap overflow flaw has been ...