blob: 43deeb5192145203f2538d833aee0a9dd4c6930c [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200501-26">
<title>ImageMagick: PSD decoding heap overflow</title>
ImageMagick is vulnerable to a heap overflow when decoding Photoshop
Document (PSD) files, which could lead to arbitrary code execution.
<product type="ebuild">imagemagick</product>
<announced>January 20, 2005</announced>
<revised>January 20, 2005: 01</revised>
<package name="media-gfx/imagemagick" auto="yes" arch="*">
<unaffected range="ge"></unaffected>
<vulnerable range="lt"></vulnerable>
ImageMagick is a collection of tools to read, write and manipulate
images in many formats.
Andrei Nigmatulin discovered that a Photoshop Document (PSD) file
with more than 24 layers could trigger a heap overflow.
<impact type="normal">
An attacker could potentially design a mailicous PSD image file to
cause arbitrary code execution with the permissions of the user running
There is no known workaround at this time.
All ImageMagick users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-gfx/imagemagick-;</code>
<uri link="">CAN-2005-0005</uri>
<uri link=";type=vulnerabilities">iDEFENSE Advisory</uri>
<metadata tag="submitter" timestamp="Tue, 18 Jan 2005 13:50:38 +0000">
<metadata tag="bugReady" timestamp="Thu, 20 Jan 2005 09:15:57 +0000">