Security Advisory ImageMagick security update

Advisory: RHSA-2005:070-16
Type: Security Advisory
Severity: Moderate
Issued on: 2005-03-23
Last updated on: 2005-03-23
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2005-0005
CVE-2005-0397
CVE-2005-0759
CVE-2005-0760
CVE-2005-0761
CVE-2005-0762

Details

Updated ImageMagick packages that fix a heap-based buffer overflow are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

ImageMagick is an image display and manipulation tool for the X Window
System.

Andrei Nigmatulin discovered a heap-based buffer overflow flaw in the
ImageMagick image handler. An attacker could create a carefully crafted
Photoshop Document (PSD) image in such a way that it would cause
ImageMagick to execute arbitrary code when processing the image. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0005 to this issue.

A format string bug was found in the way ImageMagick handles filenames. An
attacker could execute arbitrary code on a victim's machine if they were
able to trick the victim into opening a file with a specially crafted name.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0397 to this issue.

A bug was found in the way ImageMagick handles TIFF tags. It is possible
that a TIFF image file with an invalid tag could cause ImageMagick to
crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0759 to this issue.

A bug was found in ImageMagick's TIFF decoder. It is possible that a
specially crafted TIFF image file could cause ImageMagick to crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0760 to this issue.

A bug was found in the way ImageMagick parses PSD files. It is possible
that a specially crafted PSD file could cause ImageMagick to crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0761 to this issue.

A heap overflow bug was found in ImageMagick's SGI parser. It is possible
that an attacker could execute arbitrary code by tricking a user into
opening a specially crafted SGI image file. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0762 to
this issue.

Users of ImageMagick should upgrade to these updated packages, which
contain backported patches and are not vulnerable to these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/
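
To confirm that a host already carries the fixed build, the installed version-release can be compared with the builds named in this advisory's package list. The following is an added example, not part of the original advisory or Red Hat's tooling; the function names are hypothetical and it assumes dotted numeric version and release strings.

```shell
# Added example, not Red Hat's tooling. Fixed builds come from this advisory's
# package list: 5.3.8-10 (v. 2.1 products) and 5.5.6-13 (v. 3 products).
# Assumption: VERSION and RELEASE are dotted numeric strings; epoch is ignored.

# dotted_cmp A B: print -1, 0 or 1, comparing component by component.
dotted_cmp() {
    l=$1 r=$2
    while [ -n "$l" ] || [ -n "$r" ]; do
        lh=${l%%.*} rh=${r%%.*}
        # Keep leading digits only; a missing component counts as 0.
        lh=${lh%%[!0-9]*} rh=${rh%%[!0-9]*}
        lh=${lh:-0} rh=${rh:-0}
        if [ "$lh" -lt "$rh" ]; then echo -1; return; fi
        if [ "$lh" -gt "$rh" ]; then echo 1; return; fi
        case $l in *.*) l=${l#*.} ;; *) l= ;; esac
        case $r in *.*) r=${r#*.} ;; *) r= ;; esac
    done
    echo 0
}

# vr_cmp A B: compare VERSION-RELEASE strings, version first, then release.
vr_cmp() {
    c=$(dotted_cmp "${1%-*}" "${2%-*}")
    [ "$c" != 0 ] || c=$(dotted_cmp "${1##*-}" "${2##*-}")
    echo "$c"
}

# fixed_build PRODUCT: fixed build for product version "2.1" or "3".
fixed_build() {
    case $1 in
        2.1) echo 5.3.8-10 ;;
        3)   echo 5.5.6-13 ;;
        *)   return 1 ;;
    esac
}

# is_patched PRODUCT INSTALLED: 0 = at or above the fixed build,
# 1 = older (update needed), 2 = product version not covered here.
is_patched() {
    want=$(fixed_build "$1") || return 2
    [ "$(vr_cmp "$2" "$want")" -ge 0 ]
}

# On a real host, feed it: rpm -q --qf '%{VERSION}-%{RELEASE}\n' ImageMagick
# Constructed sample values, not output from a real host:
for sample in "3 5.5.6-6" "3 5.5.6-13" "2.1 5.3.8-10"; do
    set -- $sample
    if is_patched "$1" "$2"; then echo "$2: patched"; else echo "$2: update"; fi
done
```

On hosts with more than one architecture of the package installed, rpm prints one line per architecture, so check each line separately.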

Updated packages

Red Hat Desktop (v. 3)

IA-32:
ImageMagick-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-devel-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-devel-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-perl-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
 
x86_64:
ImageMagick-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-devel-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-devel-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-perl-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
 
Red Hat Enterprise Linux AS (v. 2.1)

IA-32:
ImageMagick-5.3.8-10.i386.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-c++-5.3.8-10.i386.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-c++-devel-5.3.8-10.i386.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-devel-5.3.8-10.i386.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-perl-5.3.8-10.i386.rpm
File outdated by:  RHSA-2008:0165
 
IA-64:
ImageMagick-5.3.8-10.ia64.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-c++-5.3.8-10.ia64.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-c++-devel-5.3.8-10.ia64.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-devel-5.3.8-10.ia64.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-perl-5.3.8-10.ia64.rpm
File outdated by:  RHSA-2008:0165
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
ImageMagick-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-devel-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-devel-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-perl-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
 
IA-64:
ImageMagick-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-5.5.6-13.ia64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.ia64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-devel-5.5.6-13.ia64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-devel-5.5.6-13.ia64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-perl-5.5.6-13.ia64.rpm
File outdated by:  RHSA-2008:0145
 
PPC:
ImageMagick-5.5.6-13.ppc.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-5.5.6-13.ppc64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.ppc.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.ppc64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-devel-5.5.6-13.ppc.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-devel-5.5.6-13.ppc.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-perl-5.5.6-13.ppc.rpm
File outdated by:  RHSA-2008:0145
 
s390:
ImageMagick-5.5.6-13.s390.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.s390.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-devel-5.5.6-13.s390.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-devel-5.5.6-13.s390.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-perl-5.5.6-13.s390.rpm
File outdated by:  RHSA-2008:0145
 
s390x:
ImageMagick-5.5.6-13.s390.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-5.5.6-13.s390x.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.s390.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.s390x.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-devel-5.5.6-13.s390x.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-devel-5.5.6-13.s390x.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-perl-5.5.6-13.s390x.rpm
File outdated by:  RHSA-2008:0145
 
x86_64:
ImageMagick-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-devel-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-devel-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-perl-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
 
Red Hat Enterprise Linux ES (v. 2.1)

IA-32:
ImageMagick-5.3.8-10.i386.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-c++-5.3.8-10.i386.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-c++-devel-5.3.8-10.i386.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-devel-5.3.8-10.i386.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-perl-5.3.8-10.i386.rpm
File outdated by:  RHSA-2008:0165
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
ImageMagick-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-devel-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-devel-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-perl-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
 
IA-64:
ImageMagick-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-5.5.6-13.ia64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.ia64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-devel-5.5.6-13.ia64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-devel-5.5.6-13.ia64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-perl-5.5.6-13.ia64.rpm
File outdated by:  RHSA-2008:0145
 
x86_64:
ImageMagick-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-devel-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-devel-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-perl-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
 
Red Hat Enterprise Linux WS (v. 2.1)

IA-32:
ImageMagick-5.3.8-10.i386.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-c++-5.3.8-10.i386.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-c++-devel-5.3.8-10.i386.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-devel-5.3.8-10.i386.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-perl-5.3.8-10.i386.rpm
File outdated by:  RHSA-2008:0165
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
ImageMagick-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-devel-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-devel-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-perl-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
 
IA-64:
ImageMagick-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-5.5.6-13.ia64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.ia64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-devel-5.5.6-13.ia64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-devel-5.5.6-13.ia64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-perl-5.5.6-13.ia64.rpm
File outdated by:  RHSA-2008:0145
 
x86_64:
ImageMagick-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.i386.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-c++-devel-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-devel-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
ImageMagick-perl-5.5.6-13.x86_64.rpm
File outdated by:  RHSA-2008:0145
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

IA-64:
ImageMagick-5.3.8-10.ia64.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-c++-5.3.8-10.ia64.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-c++-devel-5.3.8-10.ia64.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-devel-5.3.8-10.ia64.rpm
File outdated by:  RHSA-2008:0165
ImageMagick-perl-5.3.8-10.ia64.rpm
File outdated by:  RHSA-2008:0165
 

Bugs fixed (see bugzilla for more information)

145111 - CAN-2005-0005 buffer overflow in ImageMagick
150185 - CAN-2005-0397 ImageMagick format string flaw
150312 - CAN-2005-0759 Denial of Service in .tiff images with invalid TAG
150315 - CAN-2005-0760 Accessing memory outside of image during decoding of TIFF
150323 - CAN-2005-0761 Bug in parsing PSD files
150327 - CAN-2005-0762 Buffer overflow in SGI parser


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/