1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200505-16 / ImageMagick |
| Release Date | May 21, 2005 |
| Latest Revision | May 22, 2006: 02 |
| Impact | normal |
| Exploitable | remote |

| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| --- | --- | --- | --- |
| media-gfx/imagemagick | < 6.2.2.3 | >= 6.2.2.3 | All supported architectures |
| media-gfx/graphicsmagick | < 1.1.6-r1 | >= 1.1.6-r1 | All supported architectures |

Related bugreports: #90423, #90595
ImageMagick and GraphicsMagick utilities can be abused to perform a Denial of Service attack.
Both ImageMagick and GraphicsMagick are collections of tools to read, write and manipulate images in many formats.
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a Denial of Service vulnerability in the XWD decoder of ImageMagick and GraphicsMagick when setting a color mask to zero.
A remote attacker could submit a specially crafted image to a user or an automated system making use of an affected utility, resulting in a Denial of Service by consumption of CPU time.
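As an added example (not part of the advisory, and not ImageMagick or GraphicsMagick code), the following Python code reads the XWD header of a submitted file and reports any zero color mask, the condition described above. The field layout follows the X11 `XWDFile.h` version 7 header; the function names and the policy of checking masks only for TrueColor and DirectColor visuals are assumptions.

```python
import struct

# XWD version 7 header: 25 big-endian 32-bit fields (X11 XWDFile.h).
XWD_HEADER_LEN = 100
XWD_FILE_VERSION = 7
VISUAL_CLASS, RED_MASK, BLUE_MASK = 13, 14, 16   # field indexes in the header
TRUE_COLOR, DIRECT_COLOR = 4, 5                  # X11 visual class values


def parse_xwd_masks(data):
    """Return (visual_class, masks dict), or None if data is not XWD v7."""
    if len(data) < XWD_HEADER_LEN:
        return None
    fields = struct.unpack(">25I", data[:XWD_HEADER_LEN])
    header_size, file_version = fields[0], fields[1]
    if file_version != XWD_FILE_VERSION or header_size < XWD_HEADER_LEN:
        return None
    masks = dict(zip(("red", "green", "blue"), fields[RED_MASK:BLUE_MASK + 1]))
    return fields[VISUAL_CLASS], masks


def zero_masks(data):
    """Names of zero color masks in a TrueColor/DirectColor XWD file.

    Assumed policy: other visual classes use a colormap and are not flagged.
    Returns None when the data is not an XWD version 7 file.
    """
    parsed = parse_xwd_masks(data)
    if parsed is None:
        return None
    visual_class, masks = parsed
    if visual_class not in (TRUE_COLOR, DIRECT_COLOR):
        return []
    return [name for name, value in masks.items() if value == 0]


def build_header(visual_class, red, green, blue):
    """Constructed sample input: a 1x1, 24-bit XWD v7 header, no pixel data."""
    return struct.pack(">25I", 100, 7, 2, 24, 1, 1, 0, 1, 32, 1, 32, 32, 4,
                       visual_class, red, green, blue, 8, 0, 0, 1, 1, 0, 0, 0)


if __name__ == "__main__":
    samples = {
        "normal TrueColor": build_header(TRUE_COLOR, 0xFF0000, 0x00FF00, 0x0000FF),
        "zero red mask": build_header(TRUE_COLOR, 0, 0x00FF00, 0x0000FF),
        "not XWD": b"GIF89a",
    }
    for label, blob in samples.items():
        print(label, "->", zero_masks(blob))
```

A non-empty result marks a file to hold back from an affected decoder until the packages below are upgraded.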
There is no known workaround at this time.
All ImageMagick users should upgrade to the latest version:
Code Listing 3.1: Resolution

```
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.2.3"
```

All GraphicsMagick users should upgrade to the latest version:
Code Listing 3.2: Resolution

```
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.1.6-r1"
```