CVE-2009-1882

Severity

93%

Complexity

86%

Confidentiality

165%

Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.

Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 15 years ago

2009-06-02 15:30:00

Last updated 6 years ago

2018-10-10 19:38:00

Affected Software

ImageMagick 6.5.2-8

6.5.2-8

References

http://imagemagick.org/script/changelog.php

FEDORA-2010-0036

FEDORA-2010-0001

SUSE-SR:2009:012

http://mirror1.smudge-it.co.uk/imagemagick/www/changelog.html

54729

35216

Vendor Advisory

35382

35685

36260

37959

55721

GLSA-201311-10

http://wiki.rpath.com/Advisories:rPSA-2010-0074

DSA-1858

[oss-security] 20090608 Re: CVE Request -- ImageMagick -- Integer overflow in XMakeImage()

20101027 rPSA-2010-0074-1 ImageMagick

35111

ADV-2009-1449

USN-784-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.