Package: imagemagick
Version: 7:6.2.4.5.dfsg1-0.14
Severity: grave
Tags: security
Justification: user security hole

Hi,

here is the problem:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1797

Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote
attackers to execute arbitrary code via (1) a crafted DCM image, which
results in a heap-based overflow in the ReadDCMImage function, or (2)
the (a) colors or (b) comments field in a crafted XWD image, which
results in a heap-based overflow in the ReadXWDImage function,
different issues than CVE-2007-1667.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (99, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.20-1-686
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)

Versions of packages imagemagick depends on:
ii  libbz2-1.0         1.0.3-6               high-quality block-sorting file co
ii  libc6              2.5-0exp6             GNU C Library: Shared libraries
ii  libfreetype6       2.2.1-5               FreeType 2 font engine, shared lib
ii  libice6            1:1.0.3-1             X11 Inter-Client Exchange library
ii  libjasper-1.701-1  1.701.0-2             The JasPer JPEG-2000 runtime libra
ii  libjpeg62          6b-13                 The Independent JPEG Group's JPEG
ii  liblcms1           1.15-1                Color management library
ii  libmagick9         7:6.2.4.5.dfsg1-0.14  Image manipulation library
ii  libpng12-0         1.2.15~beta5-1        PNG library - runtime
ii  libsm6             1:1.0.2-1             X11 Session Management library
ii  libtiff4           3.8.2-7               Tag Image File Format (TIFF) libra
ii  libx11-6           2:1.1.1-1             X11 client-side library
ii  libxext6           1:1.0.3-1             X11 miscellaneous extension librar
ii  libxml2            2.6.27.dfsg-1         GNOME XML library
ii  libxt6             1:1.0.5-1             X11 toolkit intrinsics library
ii  zlib1g             1:1.2.3-13            compression library - runtime

imagemagick recommends no packages.

-- no debconf information
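
The bug class named in the CVE text above (a count or length field from an image header driving an allocation size), as an added example that is not part of the original report and is not ImageMagick's code. The function names are hypothetical, and the 100-byte fixed XWD header and 12-byte colormap entry sizes are assumptions taken from the XWD file layout.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define XWD_HEADER_SIZE 100u /* assumed: fixed part of an XWD header, bytes */
#define XWD_COLOR_SIZE  12u  /* assumed: one on-disk colormap entry, bytes */

/* Unchecked pattern: the 32-bit product wraps modulo 2^32, so a huge
 * colors count produces a tiny allocation size that later reads overrun. */
uint32_t colormap_bytes_unchecked(uint32_t ncolors)
{
    return ncolors * XWD_COLOR_SIZE;
}

/* Checked pattern: reject counts whose byte size overflows size_t or
 * exceeds the bytes actually left in the file. Returns 0 on success. */
int colormap_bytes_checked(uint32_t ncolors, size_t remaining, size_t *out)
{
    if ((size_t)ncolors > SIZE_MAX / XWD_COLOR_SIZE)
        return -1;
    size_t need = (size_t)ncolors * XWD_COLOR_SIZE;
    if (need > remaining)
        return -1;
    *out = need;
    return 0;
}

/* The comment length is derived as header_size minus the fixed header.
 * A header_size below the fixed size would underflow, so reject it. */
int comment_bytes_checked(uint32_t header_size, size_t remaining, size_t *out)
{
    if (header_size < XWD_HEADER_SIZE)
        return -1;
    size_t need = (size_t)header_size - XWD_HEADER_SIZE;
    if (need > remaining)
        return -1;
    *out = need;
    return 0;
}

int main(void)
{
    size_t n = 0;
    uint32_t bad = 0x15555556u; /* constructed value: bad * 12 == 2^32 + 8 */
    printf("unchecked size: %u\n", (unsigned)colormap_bytes_unchecked(bad));
    printf("checked result: %d\n", colormap_bytes_checked(bad, 4096, &n));
    printf("short header:   %d\n", comment_bytes_checked(99, 4096, &n));
    return 0;
}
```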