exploits , vulnerabilities , articles , ImageMagick ReadDIBImage Integer Overflow Vulnerability

Title	ImageMagick ReadDIBImage Integer Overflow Vulnerability
Published	2007-09-21-12:00AM
Updated	2008-02-25-02:33PM
Class	Boundary Condition Error
CVE	CVE-2007-4988
Remote	Yes
Local	No
Credit	Regenrecht discovered this issue.
Vulnerable	Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SUSE Linux Enterprise Server 10 SP1 S.u.S.E. SUSE Linux Enterprise Server 10 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. SUSE Linux Enterprise Desktop 10 S.u.S.E. SLE SDK 10.SP1 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. OpenEnterpriseServer 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 10.2 x86_64 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.2 x86_64 S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Enterprise Server 10.SP1 S.u.S.E. Linux Enterprise Server 10 S.u.S.E. Linux Desktop 10 S.u.S.E. Linux 10.1 x8664 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc S.u.S.E. Linux 10.0 x8664 S.u.S.E. Linux 10.0 x86 S.u.S.E. Linux 10.0 ppc MandrakeSoft Linux Mandrake 2008.0 x86_64 MandrakeSoft Linux Mandrake 2008.0 MandrakeSoft Linux Mandrake 2007.1 x86_64 MandrakeSoft Linux Mandrake 2007.1 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 ImageMagick ImageMagick 6.3.4 ImageMagick ImageMagick 6.2.9 ImageMagick ImageMagick 6.2.8 ImageMagick ImageMagick 6.2.7 ImageMagick ImageMagick 6.2.6 ImageMagick ImageMagick 6.2.5 ImageMagick ImageMagick 6.2.4 .5 ImageMagick ImageMagick 6.2.4 ImageMagick ImageMagick 6.2.3 ImageMagick ImageMagick 6.2.2 Gentoo Linux ImageMagick ImageMagick 6.2.1 ImageMagick ImageMagick 6.2 .0.7 RedHat Fedora Core3 RedHat Fedora Core2 ImageMagick ImageMagick 6.2 .0.4 Gentoo Linux ImageMagick ImageMagick 6.2 ImageMagick ImageMagick 6.1.8 Gentoo Linux ImageMagick ImageMagick 6.1.7 ImageMagick ImageMagick 6.1.6 ImageMagick ImageMagick 6.1.5 ImageMagick ImageMagick 6.1.4 ImageMagick ImageMagick 6.1.3 ImageMagick ImageMagick 6.1.2 ImageMagick ImageMagick 6.1.1 ImageMagick ImageMagick 6.1 ImageMagick ImageMagick 6.0.8 ImageMagick ImageMagick 6.0.7 RedHat Desktop 4.0 RedHat Enterprise Linux Desktop version 4 RedHat Enterprise Linux AS 4 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux WS 4 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 ImageMagick ImageMagick 6.0.6 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 ImageMagick ImageMagick 6.0.5 Turbolinux Home Turbolinux Turbolinux Desktop 10.0 Turbolinux Turbolinux Server 10.0 ImageMagick ImageMagick 6.0.4 ImageMagick ImageMagick 6.0.3 ImageMagick ImageMagick 6.0.2 .5 ImageMagick ImageMagick 6.0.2 Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 ImageMagick ImageMagick 6.0.1 ImageMagick ImageMagick 6.0 ImageMagick ImageMagick 5.5.7 MandrakeSoft Linux Mandrake 10.0 AMD64 MandrakeSoft Linux Mandrake 10.0 MandrakeSoft Linux Mandrake 9.2 amd64 MandrakeSoft Linux Mandrake 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 ImageMagick ImageMagick 5.5.6 .020030409 OpenPKG OpenPKG Current ImageMagick ImageMagick 5.5.6 .020030409 ImageMagick ImageMagick 5.5.6 ImageMagick ImageMagick 5.5.4 S.u.S.E. Linux Personal 8.2 ImageMagick ImageMagick 5.5.3 .21.2.0 OpenPKG OpenPKG 1.2 ImageMagick ImageMagick 5.4.8 .21.1.0 OpenPKG OpenPKG 1.1 ImageMagick ImageMagick 5.4.8 MandrakeSoft Corporate Server 2.1 x86_64 MandrakeSoft Corporate Server 2.1 ImageMagick ImageMagick 5.4.7 Turbolinux Turbolinux Server 8.0 ImageMagick ImageMagick 5.4.4 .5 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia64 Debian Linux 3.0 ia32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0 ImageMagick ImageMagick 5.4.3 ImageMagick ImageMagick 5.3.8 ImageMagick ImageMagick 5.3.3 Turbolinux Turbolinux Server 7.0 Turbolinux Turbolinux Workstation 7.0 ImageMagick ImageMagick 6.3.36 ImageMagick ImageMagick 6.3.35 ImageMagick ImageMagick 6.3.33 ImageMagick ImageMagick 6.3.2 ImageMagick ImageMagick 6.3.1 ImageMagick ImageMagick 6.2.9.2 ImageMagick ImageMagick 6.2.9.2 ImageMagick ImageMagick 6.2.9 ImageMagick ImageMagick 6.2.4.3 ImageMagick ImageMagick 6.2.4.3 ImageMagick ImageMagick 6.2.3.4 ImageMagick ImageMagick 6.2.0.3 ImageMagick ImageMagick 6.0.6.2 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 ImageMagick ImageMagick 6.0.4.4 ImageMagick ImageMagick 6.0.4.4 MandrakeSoft Linux Mandrake 10.1 x86_64 MandrakeSoft Linux Mandrake 10.1 ImageMagick ImageMagick 5.5.7.15 MandrakeSoft Linux Mandrake 10.0 AMD64 MandrakeSoft Linux Mandrake 10.0 MandrakeSoft Linux Mandrake 9.2 amd64 MandrakeSoft Linux Mandrake 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 ImageMagick ImageMagick 5.4.2.3 Turbolinux Turbolinux Workstation 8.0 ImageMagick ImageMagick 5.4.2.3 MandrakeSoft Linux Mandrake 10.0 AMD64 MandrakeSoft Linux Mandrake 10.0 AMD64 MandrakeSoft Linux Mandrake 10.0 MandrakeSoft Linux Mandrake 10.0 MandrakeSoft Linux Mandrake 9.2 amd64 MandrakeSoft Linux Mandrake 9.2 amd64 MandrakeSoft Linux Mandrake 9.2 MandrakeSoft Linux Mandrake 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 9.0 GraphicsMagick GraphicsMagick 1.1.10 Gentoo Linux Foresight Linux Foresight Linux 1.1
Not Vulnerable	ImageMagick ImageMagick 6.3.5-9 ImageMagick ImageMagick 6.3.5-10 GraphicsMagick GraphicsMagick 1.1.11
Code	Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: content@securitydot.net.
TXT

Vulnerabilities - newest 10 RSS | More

2009-01-09 MODx Prior to 0.9.6.3 Multiple Cross Site Scripting Vulnerabilities
2009-01-09 Check Point SecurePlatform Unspecified Remote Security Vulnerability
2009-01-09 Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
2009-01-09 NetGear WG102 SNMP Write Community String Information Disclosure Vulnerability
2009-01-09 Serv-U Remote Denial of Service Vulnerabilities
2009-01-09 QuoteBook Information Disclosure, SQL Injection and HTML Injection Vulnerabilities
2009-01-08 Oracle January 2009 Oracle Critical Patch Update Pre-Release Announcement Multiple Vulnerabilities
2009-01-08 Microsoft January 2009 Advance Notification Multiple Vulnerabilities
2009-01-08 IBM WebSphere DataPower XML Security Gateway XS40 Remote Denial Of Service Vulnerability
2009-01-08 Drupal Project Release Module Multiple Remote Vulnerabilities