Summary
This host is running GraphicsMagick graphics tool and is prone to multiple buffer overflow/underflow vulnerabilities.
Impact
A remote user could execute arbitrary code on the target system and can cause denial-of-service or compromise a vulnerable system via specially crafted PALM, PICT, XCF, DPX and CINEON images.
Impact level: System/Application
Solution
Update to version 1.1.14 or 1.2.3,
http://sourceforge.net/projects/graphicsmagick
Insight
Multiple flaws due to,
- two boundary errors within the ReadPALMImage function in coders/palm.c, - a boundary error within the DecodeImage function in coders/pict.a, - unknown errors within the processing of XCF, DPX, and CINEON images.
- error exists while processing malformed data in DPX which causes input validation vulnerability.
Affected
GraphicsMagick version prior to 1.1.14 and 1.2.3 on Linux.
References
Severity
Classification
-
CVE CVE-2008-6070, CVE-2008-6071, CVE-2008-6072, CVE-2008-6621 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- DesignWorks Professional '.cct' File BOF Vulnerability
- Apple iTunes 'itpc:' URI Buffer Overflow Vulnerability
- CA Internet Security Suite Plus 'KmxSbx.sys' Buffer Overflow Vulnerability
- Adobe Flash Player Buffer Overflow Vulnerability (Mac OS X)
- Adobe Flash CS3 SWF Processing Buffer Overflow Vulnerabilities