blob: f8a886d526737e97811ee85eb394b53f75fd8e59 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200411-11">
<title>ImageMagick: EXIF buffer overflow</title>
ImageMagick contains an error in boundary checks when handling EXIF
information, which could lead to arbitrary code execution.
<product type="ebuild">imagemagick</product>
<announced>November 06, 2004</announced>
<revised>November 06, 2004: 01</revised>
<package name="media-gfx/imagemagick" auto="yes" arch="*">
<unaffected range="ge"></unaffected>
<vulnerable range="lt"></vulnerable>
ImageMagick is a collection of tools to read, write and manipulate images
in many formats.
ImageMagick fails to do proper bounds checking when handling image files
with EXIF information.
<impact type="normal">
An attacker could use an image file with specially-crafted EXIF information
to cause arbitrary code execution with the permissions of the user running
There is no known workaround at this time.
All ImageMagick users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-"</code>
<uri link="">CAN-2004-0981</uri>
<uri link="">ImageMagick ChangeLog</uri>
<uri link="">SA 12995</uri>
<metadata tag="requester" timestamp="Fri, 5 Nov 2004 13:21:51 +0000">
<metadata tag="submitter" timestamp="Sat, 6 Nov 2004 13:00:12 +0000">
<metadata tag="bugReady" timestamp="Sat, 6 Nov 2004 18:34:28 +0000">