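Vulnerability Details
ImageMagick PNM Image Decoding Remote Buffer Overflow Vulnerability
- CNNVD ID: CNNVD-200504-099
- Severity: Medium
- CVE ID: CVE-2005-1275
- Vulnerability type: Buffer overflow
- Published: 2005-04-25
- Threat type: Remote
- Updated: 2005-10-20
- Vendor: graphicsmagick
- Vulnerability source: Damian Put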
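Vulnerability Summary
ImageMagick is a stable set of tools and a development package that can read, write and process image files in more than 89 basic formats, including the popular TIFF, JPEG, GIF, PNG, PDF and PhotoCD. With ImageMagick you can generate images dynamically as a web application requires, and you can resize, rotate, sharpen, reduce the colors of, or add special effects to an image or image sequence, saving the result in the same format or in another one. Images can be processed from the command line or programmatically from C/C++, Perl, Java, PHP, Python or Ruby. ImageMagick also provides a high-quality 2D toolkit with partial SVG support. The ImageMagick project now concentrates mainly on performance, reducing bugs, and providing a stable API and ABI.
The ReadPNMImage function in pnm.c in ImageMagick 6.2.1 and earlier contains a stack buffer overflow; a remote attacker can cause a denial of service (application crash) via a PNM file with a small color value.
Vulnerability Advisory
The vendor has released upgrade patches that fix this security issue. Patch download links: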
ImageMagick ImageMagick 5.5.7.15
Mandriva ImageMagick-5.5.7.15-6.4.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva ImageMagick-5.5.7.15-6.4.C30mdk.src.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva ImageMagick-5.5.7.15-6.4.C30mdk.src.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva ImageMagick-5.5.7.15-6.4.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva ImageMagick-doc-5.5.7.15-6.4.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva ImageMagick-doc-5.5.7.15-6.4.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64Magick5.5.7-5.5.7.15-6.4.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64Magick5.5.7-devel-5.5.7.15-6.4.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva libMagick5.5.7-5.5.7.15-6.4.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva libMagick5.5.7-devel-5.5.7.15-6.4.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva perl-Magick-5.5.7.15-6.4.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva perl-Magick-5.5.7.15-6.4.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
RedHat Fedora Core2
Fedora ImageMagick-6.2.0.7-2.fc2.4.legacy.i386.rpm
RedHat Fedora Core 2
http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-6.2.0.7-2.fc2.4.legacy.i386.rpm
Fedora ImageMagick-c++-6.2.0.7-2.fc2.4.legacy.i386.rpm
RedHat Fedora Core 2
http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-c++-6.2.0.7-2.fc2.4.legacy.i386.rpm
Fedora ImageMagick-c++-devel-6.2.0.7-2.fc2.4.legacy.i386.rpm
RedHat Fedora Core 2
http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-c++-devel-6.2.0.7-2.fc2.4.legacy.i386.rpm
Fedora ImageMagick-devel-6.2.0.7-2.fc2.4.legacy.i386.rpm
RedHat Fedora Core 2
http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-devel-6.2.0.7-2.fc2.4.legacy.i386.rpm
Fedora ImageMagick-perl-6.2.0.7-2.fc2.4.legacy.i386.rpm
RedHat Fedora Core 2
http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-perl-6.2.0.7-2.fc2.4.legacy.i386.rpm
RedHat Fedora Core1
Fedora ImageMagick-5.5.6-13.legacy.i386.rpm
RedHat Fedora Core 1
http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-5.5.6-13.legacy.i386.rpm
Fedora ImageMagick-c++-5.5.6-13.legacy.i386.rpm
RedHat Fedora Core 1
http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-c++-5.5.6-13.legacy.i386.rpm
Fedora ImageMagick-c++-devel-5.5.6-13.legacy.i386.rpm
RedHat Fedora Core 1
http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-c++-devel-5.5.6-13.legacy.i386.rpm
Fedora ImageMagick-devel-5.5.6-13.legacy.i386.rpm
RedHat Fedora Core 1
http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-devel-5.5.6-13.legacy.i386.rpm
Fedora ImageMagick-perl-5.5.6-13.legacy.i386.rpm
RedHat Fedora Core 1
http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-perl-5.5.6-13.legacy.i386.rpm
ImageMagick ImageMagick 6.2.0.3
Mandriva ImageMagick-6.2.0.3-8.1.102mdk.i586.rpm
Mandrakelinux 10.2:
http://www.mandriva.com/en/download
Mandriva ImageMagick-6.2.0.3-8.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
http://www.mandriva.com/en/download
Mandriva ImageMagick-6.2.0.3-8.1.102mdk.src.rpm
Mandrakelinux 10.2:
http://www.mandriva.com/en/download
Mandriva ImageMagick-6.2.0.3-8.1.102mdk.x86_64.rpm
Mandrakelinux 10.2/X86_64:
http://www.mandriva.com/en/download
Mandriva ImageMagick-doc-6.2.0.3-8.1.102mdk.i586.rpm
Mandrakelinux 10.2:
http://www.mandriva.com/en/download
Mandriva ImageMagick-doc-6.2.0.3-8.1.102mdk.x86_64.rpm
Mandrakelinux 10.2/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64Magick8.0.2-6.2.0.3-8.1.102mdk.x86_64.rpm
Mandrakelinux 10.2/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64Magick8.0.2-devel-6.2.0.3-8.1.102mdk.x86_64.rpm
Mandrakelinux 10.2/X86_64:
http://www.mandriva.com/en/download
Mandriva libMagick8.0.2-6.2.0.3-8.1.102mdk.i586.rpm
Mandrakelinux 10.2:
http://www.mandriva.com/en/download
Mandriva libMagick8.0.2-devel-6.2.0.3-8.1.102mdk.i586.rpm
Mandrakelinux 10.2:
http://www.mandriva.com/en/download
Mandriva perl-Image-Magick-6.2.0.3-8.1.102mdk.i586.rpm
Mandrakelinux 10.2:
http://www.mandriva.com/en/download
Mandriva perl-Image-Magick-6.2.0.3-8.1.102mdk.x86_64.rpm
Mandrakelinux 10.2/X86_64:
http://www.mandriva.com/en/download
ImageMagick ImageMagick 6.0.4.4
Mandriva ImageMagick-6.0.4.4-5.3.101mdk.i586.rpm
Mandrakelinux 10.1:
http://www.mandriva.com/en/download
Mandriva ImageMagick-6.0.4.4-5.3.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
http://www.mandriva.com/en/download
Mandriva ImageMagick-6.0.4.4-5.3.101mdk.src.rpm
Mandrakelinux 10.1:
http://www.mandriva.com/en/download
Mandriva ImageMagick-6.0.4.4-5.3.101mdk.x86_64.rpm
Mandrakelinux 10.1/X86_64:
http://www.mandriva.com/en/download
Mandriva ImageMagick-doc-6.0.4.4-5.3.101mdk.i586.rpm
Mandrakelinux 10.1:
http://www.mandriva.com/en/download
Mandriva ImageMagick-doc-6.0.4.4-5.3.101mdk.x86_64.rpm
Mandrakelinux 10.1/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64Magick6.4.0-6.0.4.4-5.3.101mdk.x86_64.rpm
Mandrakelinux 10.1/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64Magick6.4.0-devel-6.0.4.4-5.3.101mdk.x86_64.rpm
Mandrakelinux 10.1/X86_64:
http://www.mandriva.com/en/download
Mandriva libMagick6.4.0-6.0.4.4-5.3.101mdk.i586.rpm
Mandrakelinux 10.1:
http://www.mandriva.com/en/download
Mandriva libMagick6.4.0-devel-6.0.4.4-5.3.101mdk.i586.rpm
Mandrakelinux 10.1:
http://www.mandriva.com/en/download
Mandriva perl-Magick-6.0.4.4-5.3.101mdk.i586.rpm
Mandrakelinux 10.1:
http://www.mandriva.com/en/download
Mandriva perl-Magick-6.0.4.4-5.3.101mdk.x86_64.rpm
Mandrakelinux 10.1/X86_64:
http://www.mandriva.com/en/download
GraphicsMagick GraphicsMagick 1.0
GraphicsMagick GraphicsMagick-1.1.6.tar.gz
http://prdownloads.sourceforge.net/graphicsmagick/GraphicsMagick-1.1.6.tar.gz?download
GraphicsMagick GraphicsMagick 1.0.6
GraphicsMagick GraphicsMagick-1.1.6.tar.gz
http://prdownloads.sourceforge.net/graphicsmagick/GraphicsMagick-1.1.6.tar.gz?download
References
Source: www.imagemagick.org
Link: http://www.imagemagick.org/script/changelog.php
Source: BID
Name: 13351
Link: http://www.securityfocus.com/bid/13351
Source: MISC
Link: http://www.overflow.pl/adv/imheapoverflow.txt
Source: BUGTRAQ
Name: 20050424 [Overflow.pl] ImageMagick ReadPNMImage() Heap Overflow
Link: http://seclists.org/lists/bugtraq/2005/Apr/0407.html
Source: MISC
Link: http://bugs.gentoo.org/show_bug.cgi?id=90423
Source: REDHAT
Name: RHSA-2005:413
Link: http://www.redhat.com/support/errata/RHSA-2005-413.html
Source: MANDRAKE
Name: MDKSA-2005:107
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2005:107
Source: US Government Resource: oval:org.mitre.oval:def:711
Name: oval:org.mitre.oval:def:711
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:711