漏洞信息详情
ImageMagick远程EXIF解析缓冲区溢出漏洞
- CNNVD编号:CNNVD-200502-025
- 危害等级: 超危
- CVE编号: CVE-2004-0981
- 漏洞类型: 缓冲区溢出
- 发布时间: 2005-02-09
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: debian
- 漏洞来源: The individual res...
漏洞简介
ImageMagick 是一个图象处理软件。它可以编辑、显示包括JPEG、TIFF、PNM、PNG、GIF和Photo CD在内的绝大多数当今最流行的图象格式。 ImageMagick 6.1.0之前的EXIF解析例程中的缓冲区溢出,可让远程攻击者通过某些图像文件执行任意代码。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: RedHat Fedora Core2 Fedora ImageMagick-6.2.0.7-2.fc2.4.legacy.i386.rpm RedHat Fedora Core 2 http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-6.2 .0.7-2.fc2.4.legacy.i386.rpm Fedora ImageMagick-c++-6.2.0.7-2.fc2.4.legacy.i386.rpm RedHat Fedora Core 2 http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-c++ -6.2.0.7-2.fc2.4.legacy.i386.rpm Fedora ImageMagick-c++-devel-6.2.0.7-2.fc2.4.legacy.i386.rpm RedHat Fedora Core 2 http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-c++ -devel-6.2.0.7-2.fc2.4.legacy.i386.rpm Fedora ImageMagick-devel-6.2.0.7-2.fc2.4.legacy.i386.rpm RedHat Fedora Core 2 http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-dev el-6.2.0.7-2.fc2.4.legacy.i386.rpm Fedora ImageMagick-perl-6.2.0.7-2.fc2.4.legacy.i386.rpm RedHat Fedora Core 2 http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-per l-6.2.0.7-2.fc2.4.legacy.i386.rpm RedHat Fedora Core1 Fedora ImageMagick-5.5.6-13.legacy.i386.rpm RedHat Fedora Core 1 http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-5.5 .6-13.legacy.i386.rpm Fedora ImageMagick-c++-5.5.6-13.legacy.i386.rpm RedHat Fedora Core 1 http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-c++ -5.5.6-13.legacy.i386.rpm Fedora ImageMagick-c++-devel-5.5.6-13.legacy.i386.rpm RedHat Fedora Core 1 http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-c++ -devel-5.5.6-13.legacy.i386.rpm Fedora ImageMagick-devel-5.5.6-13.legacy.i386.rpm RedHat Fedora Core 1 http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-dev el-5.5.6-13.legacy.i386.rpm Fedora ImageMagick-perl-5.5.6-13.legacy.i386.rpm RedHat Fedora Core 1 http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-per l-5.5.6-13.legacy.i386.rpm ImageMagick ImageMagick 5.3.3 ImageMagick Imagemagick version 6.1.2 http://sourceforge.net/project/showfiles.php?group_id=24099 ImageMagick ImageMagick 5.4.3 ImageMagick Imagemagick version 6.1.2 http://sourceforge.net/project/showfiles.php?group_id=24099 ImageMagick ImageMagick 5.4.4 .5 Debian imagemagick_5.4.4.5-1woody4_alpha.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody4_alpha.deb Debian imagemagick_5.4.4.5-1woody4_arm.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody4_arm.deb Debian imagemagick_5.4.4.5-1woody4_hppa.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody4_hppa.deb Debian imagemagick_5.4.4.5-1woody4_i386.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody4_i386.deb Debian imagemagick_5.4.4.5-1woody4_ia64.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody4_ia64.deb Debian imagemagick_5.4.4.5-1woody4_m68k.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody4_m68k.deb Debian imagemagick_5.4.4.5-1woody4_mips.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody4_mips.deb Debian imagemagick_5.4.4.5-1woody4_mipsel.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody4_mipsel.deb Debian imagemagick_5.4.4.5-1woody4_powerpc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody4_powerpc.deb Debian imagemagick_5.4.4.5-1woody4_s390.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody4_s390.deb Debian imagemagick_5.4.4.5-1woody4_sparc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick _5.4.4.5-1woody4_sparc.deb Debian libmagick++5-dev_5.4.4.5-1woody4_alpha.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5-dev_5.4.4.5-1woody4_alpha.deb Debian libmagick++5-dev_5.4.4.5-1woody4_arm.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5-dev_5.4.4.5-1woody4_arm.deb Debian libmagick++5-dev_5.4.4.5-1woody4_hppa.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5-dev_5.4.4.5-1woody4_hppa.deb Debian libmagick++5-dev_5.4.4.5-1woody4_i386.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5-dev_5.4.4.5-1woody4_i386.deb Debian libmagick++5-dev_5.4.4.5-1woody4_ia64.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5-dev_5.4.4.5-1woody4_ia64.deb Debian libmagick++5-dev_5.4.4.5-1woody4_m68k.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5-dev_5.4.4.5-1woody4_m68k.deb Debian libmagick++5-dev_5.4.4.5-1woody4_mips.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5-dev_5.4.4.5-1woody4_mips.deb Debian libmagick++5-dev_5.4.4.5-1woody4_mipsel.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5-dev_5.4.4.5-1woody4_mipsel.deb Debian libmagick++5-dev_5.4.4.5-1woody4_powerpc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5-dev_5.4.4.5-1woody4_powerpc.deb Debian libmagick++5-dev_5.4.4.5-1woody4_s390.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5-dev_5.4.4.5-1woody4_s390.deb Debian libmagick++5-dev_5.4.4.5-1woody4_sparc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5-dev_5.4.4.5-1woody4_sparc.deb Debian libmagick++5_5.4.4.5-1woody4_alpha.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5_5.4.4.5-1woody4_alpha.deb Debian libmagick++5_5.4.4.5-1woody4_arm.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5_5.4.4.5-1woody4_arm.deb Debian libmagick++5_5.4.4.5-1woody4_hppa.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5_5.4.4.5-1woody4_hppa.deb Debian libmagick++5_5.4.4.5-1woody4_i386.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5_5.4.4.5-1woody4_i386.deb Debian libmagick++5_5.4.4.5-1woody4_ia64.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5_5.4.4.5-1woody4_ia64.deb Debian libmagick++5_5.4.4.5-1woody4_m68k.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5_5.4.4.5-1woody4_m68k.deb Debian libmagick++5_5.4.4.5-1woody4_mips.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5_5.4.4.5-1woody4_mips.deb Debian libmagick++5_5.4.4.5-1woody4_mipsel.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5_5.4.4.5-1woody4_mipsel.deb Debian libmagick++5_5.4.4.5-1woody4_powerpc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5_5.4.4.5-1woody4_powerpc.deb Debian libmagick++5_5.4.4.5-1woody4_s390.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5_5.4.4.5-1woody4_s390.deb Debian libmagick++5_5.4.4.5-1woody4_sparc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++ 5_5.4.4.5-1woody4_sparc.deb Debian libmagick5-dev_5.4.4.5-1woody4_alpha.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/
参考网址
来源: XF 名称: imagemagick-exif-image-bo(17903) 链接:http://xforce.iss.net/xforce/xfdb/17903 来源: BID 名称: 11548 链接:http://www.securityfocus.org/bid/11548 来源: www.imagemagick.org 链接:http://www.imagemagick.org/www/Changelog.HTML 来源: GENTOO 名称: GLSA-200411-11 链接:http://security.gentoo.org/glsa/glsa-200411-11.xml 来源: SECUNIA 名称: 12995 链接:http://secunia.com/advisories/12995/ 来源: UBUNTU 名称: USN-7-1 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109900325831136&w=2
受影响实体
- Debian Debian_linux:3.0:Sparc
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论