Upstream information

CVE-2007-4987 at MITRE

Description

Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 9.3
Vector AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entry: 327021 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • libMagickCore1 >= 6.4.3.6-7.20.1
  • libMagickCore1-32bit >= 6.4.3.6-7.20.1
SUSE Linux Enterprise Server 11 SP2
  • libMagickCore1 >= 6.4.3.6-7.22.1
  • libMagickCore1-32bit >= 6.4.3.6-7.22.1
SUSE Linux Enterprise Server 11 SP3
  • libMagickCore1 >= 6.4.3.6-7.26.1
  • libMagickCore1-32bit >= 6.4.3.6-7.26.1
SUSE Linux Enterprise Server 11 SP4
  • libMagickCore1 >= 6.4.3.6-7.30.1
  • libMagickCore1-32bit >= 6.4.3.6-7.30.1
SUSE Linux Enterprise Software Development Kit 11 SP4
  • ImageMagick >= 6.4.3.6-7.30.1
  • ImageMagick-devel >= 6.4.3.6-7.30.1
  • libMagick++-devel >= 6.4.3.6-7.30.1
  • libMagick++1 >= 6.4.3.6-7.30.1
  • libMagickWand1 >= 6.4.3.6-7.30.1
  • libMagickWand1-32bit >= 6.4.3.6-7.30.1
  • perl-PerlMagick >= 6.4.3.6-7.30.1
openSUSE Tumbleweed
  • ImageMagick >= 7.1.0.8-1.2
  • ImageMagick-config-7-SUSE >= 7.1.0.8-1.2
  • ImageMagick-config-7-upstream >= 7.1.0.8-1.2
  • ImageMagick-devel >= 7.1.0.8-1.2
  • ImageMagick-devel-32bit >= 7.1.0.8-1.2
  • ImageMagick-doc >= 7.1.0.8-1.2
  • ImageMagick-extra >= 7.1.0.8-1.2
  • libMagick++-7_Q16HDRI5 >= 7.1.0.8-1.2
  • libMagick++-7_Q16HDRI5-32bit >= 7.1.0.8-1.2
  • libMagick++-devel >= 7.1.0.8-1.2
  • libMagick++-devel-32bit >= 7.1.0.8-1.2
  • libMagickCore-7_Q16HDRI10 >= 7.1.0.8-1.2
  • libMagickCore-7_Q16HDRI10-32bit >= 7.1.0.8-1.2
  • libMagickWand-7_Q16HDRI10 >= 7.1.0.8-1.2
  • libMagickWand-7_Q16HDRI10-32bit >= 7.1.0.8-1.2
  • perl-PerlMagick >= 7.1.0.8-1.2
Patchnames:
openSUSE Tumbleweed GA ImageMagick-7.1.0.8-1.2