Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0397

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0397
Last Modified 21 Aug 2010 12:25:58
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0397

Summary

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.

Vulnerable Systems

Application

  • Imagemagick 5.2

  • Imagemagick 5.3

  • Imagemagick 5.4

  • Imagemagick 5.5


References

XF - imagemagick-filename-format-string(19586)

REDHAT - RHSA-2005:320

SUSE - SUSE-SA:2005:017

GENTOO - GLSA-200503-11

DEBIAN - DSA-702

BUGTRAQ - 20050303 [USN-90-1] Imagemagick vulnerability

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=83542

REDHAT - RHSA-2005:070


Last Updated: 27 May 2016 10:39:47