[Full-disclosure] rPSA-2007-0064-1 ImageMagick
rPath Update Announcements
announce-noreply at rpath.com
Wed Apr 4 09:24:33 BST 2007
rPath Security Advisory: 2007-0064-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
ImageMagick=/conary.rpath.com at rpl:devel//1/6.2.3.3-3.6-1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1797
https://issues.rpath.com/browse/RPL-1211
https://issues.rpath.com/browse/RPL-1205
Description:
Previous versions of the ImageMagick package are vulnerable to two
indirect attacks that may cause it to execute arbitrary code provided
by an attacker when attempting to read intentionally malformed image
files.
Full-Disclosure is hosted and sponsored by Secunia.