Published: 02/06/2009 Updated: 10/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
imagemagick imagemagick 6.5.2-8

Debian Bug report logs - #530838 CVE-2009-1882: ImageMagick Integer Overflow Vulnerability Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <giuseppe@i ...

It was discovered that ImageMagick did not properly verify the dimensions of TIFF files If a user or automated system were tricked into opening a crafted TIFF file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program ...

Synopsis Moderate: ImageMagick security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated ImageMagick packages that fix one security issue and one bug arenow available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity ...

Synopsis Moderate: ImageMagick security update Type/Severity Security Advisory: Moderate Topic Updated ImageMagick packages that fix one security issue are now availablefor Red Hat Enterprise Linux 4The Red Hat Security Response Team has rated this update as having moderatesecurity impact A Common Vulnera ...

Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1667 Multiple integer overflows in XInitImage functi ...

Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd ...

CWE-189 http://osvdb.org/54729 http://www.securityfocus.com/bid/35111 http://secunia.com/advisories/35216 http://mirror1.smudge-it.co.uk/imagemagick/www/changelog.html http://imagemagick.org/script/changelog.php http://www.vupen.com/english/advisories/2009/1449 http://secunia.com/advisories/35382 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/35685 http://www.debian.org/security/2009/dsa-1858 http://secunia.com/advisories/36260 http://www.openwall.com/lists/oss-security/2009/06/08/1 http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033833.html http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033766.html http://secunia.com/advisories/37959 http://wiki.rpath.com/Advisories:rPSA-2010-0074 http://security.gentoo.org/glsa/glsa-201311-10.xml http://secunia.com/advisories/55721 https://usn.ubuntu.com/784-1/http://www.securityfocus.com/archive/1/514516/100/0/threaded https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530838 https://usn.ubuntu.com/784-1/https://nvd.nist.gov

CVE-2009-1882

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect