OSVDB ID: 31911

Title: ImageMagick coders/palm.c ReadPALMImage Overflow

Info

Dates

Disclosure: Feb 08, 2007
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

ImageMagick contains a boundary error within the 'ReadPALMImage()' function in coders/palm.c that may allow a malicious user to cause a Denial of Service and possibly execute arbitrary code. To exploit this issue, an attacker has to persuade the victim to open a malformed PALM image.

Classification

Location: Local Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, SUSE, Ubuntu, Debian and Mandriva have released patches to address this vulnerability.

Products

ImageMagick Studio LLC

ImageMagick

6.0.7

References

Credit

  • Vladimir Nadvornik -
  • M. Joonas Pihlaja - Ubuntu


Direct URL: http://osvdb.org/31911