Launchpad.net

CVE 2009-1882

Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.

Related bugs and status

CVE-2009-1882 (Candidate) is related to these bugs:

Bug #385324: Update imagemagick to fix security vulnerability

Summary				In	Importance	Status
	385324	Update imagemagick to fix security vulnerability		The Dell Mini Project	Undecided	Confirmed

Bug #430639: Sync graphicsmagick 1.3.5-5.1 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	430639	Sync graphicsmagick 1.3.5-5.1 (universe) from Debian unstable (main)		graphicsmagick (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://imagemagick.org...
CONFIRM: http://mirror1.smudge-...
BID: 35111
OSVDB: 54729
SECUNIA: 35216
VUPEN: ADV-2009-1449
SECUNIA: 35382
SUSE: SUSE-SR:2009:012
SECUNIA: 35685
DEBIAN: DSA-1858
SECUNIA: 36260
MLIST: [oss-security] 2009060...
FEDORA: FEDORA-2010-0001
FEDORA: FEDORA-2010-0036
SECUNIA: 37959
CONFIRM: http://wiki.rpath.com/...
GENTOO: GLSA-201311-10
SECUNIA: 55721
UBUNTU: USN-784-1
BUGTRAQ: 20101027 rPSA-2010-007...