 Updated imagemagick (6.2.9-8 -> 6.3.8-9) : SECURITY - CRITICAL
re-diffed multilib-fix.patch for new version
CVE-2007-1797 (High) :
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute
arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the
ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image,
which results in a heap-based overflow in the ReadXWDImage function, different issues than
CVE-2007-1667.
CVE-2007-4985 (Medium) :
ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via
a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to
ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to
ReadBlobMSBLong function calls.
CVE-2007-4986 (High) :
Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to
execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file,
which triggers a heap-based buffer overflow.
CVE-2007-4987 (High) :
Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows
context-dependent attackers to execute arbitrary code via a crafted image file, which triggers
the writing of a '\0' character to an out-of-bounds address.
CVE-2007-4988 (Medium) :
Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows
context-dependent attackers to execute arbitrary code via a crafted width value in an image file,
which triggers an integer overflow and a heap-based buffer overflow.
17 years ago Updated imagemagick (6.2.9-8 -> 6.3.8-9) : SECURITY - CRITICAL
re-diffed multilib-fix.patch for new version
CVE-2007-1797 (High) :
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute
arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the
ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image,
which results in a heap-based overflow in the ReadXWDImage function, different issues than
CVE-2007-1667.
CVE-2007-4985 (Medium) :
ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via
a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to
ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to
ReadBlobMSBLong function calls.
CVE-2007-4986 (High) :
Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to
execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file,
which triggers a heap-based buffer overflow.
CVE-2007-4987 (High) :
Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows
context-dependent attackers to execute arbitrary code via a crafted image file, which triggers
the writing of a '\0' character to an out-of-bounds address.
CVE-2007-4988 (Medium) :
Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows
context-dependent attackers to execute arbitrary code via a crafted width value in an image file,
which triggers an integer overflow and a heap-based buffer overflow.
17 years ago Updated imagemagick (6.2.9-8 -> 6.3.8-9) : SECURITY - CRITICAL
re-diffed multilib-fix.patch for new version
CVE-2007-1797 (High) :
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute
arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the
ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image,
which results in a heap-based overflow in the ReadXWDImage function, different issues than
CVE-2007-1667.
CVE-2007-4985 (Medium) :
ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via
a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to
ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to
ReadBlobMSBLong function calls.
CVE-2007-4986 (High) :
Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to
execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file,
which triggers a heap-based buffer overflow.
CVE-2007-4987 (High) :
Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows
context-dependent attackers to execute arbitrary code via a crafted image file, which triggers
the writing of a '\0' character to an out-of-bounds address.
CVE-2007-4988 (Medium) :
Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows
context-dependent attackers to execute arbitrary code via a crafted width value in an image file,
which triggers an integer overflow and a heap-based buffer overflow.
17 years ago Updated imagemagick (6.2.9-8 -> 6.3.8-9) : SECURITY - CRITICAL
re-diffed multilib-fix.patch for new version
CVE-2007-1797 (High) :
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute
arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the
ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image,
which results in a heap-based overflow in the ReadXWDImage function, different issues than
CVE-2007-1667.
CVE-2007-4985 (Medium) :
ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via
a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to
ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to
ReadBlobMSBLong function calls.
CVE-2007-4986 (High) :
Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to
execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file,
which triggers a heap-based buffer overflow.
CVE-2007-4987 (High) :
Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows
context-dependent attackers to execute arbitrary code via a crafted image file, which triggers
the writing of a '\0' character to an out-of-bounds address.
CVE-2007-4988 (Medium) :
Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows
context-dependent attackers to execute arbitrary code via a crafted width value in an image file,
which triggers an integer overflow and a heap-based buffer overflow.
17 years ago |
|
# --- SDE-COPYRIGHT-NOTE-BEGIN ---# This copyright note is auto-generated by ./scripts/Create-CopyPatch.## Filename: package/.../imagemagick/multilib-fix.patch# Copyright (C) 2008 The OpenSDE Project# Copyright (C) 2006 The T2 SDE Project## More information can be found in the files COPYING and README.## This patch file is dual-licensed. It is available under the license the# patched project is licensed under, as long as it is an OpenSource license# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms# of the GNU General Public License as published by the Free Software# Foundation; either version 2 of the License, or (at your option) any later# version.# --- SDE-COPYRIGHT-NOTE-END ---
On 64bit multilib-systems this had caused linking to 32bit libs. -- jsawre-diffed for 6.2.8 and then for 6.3 version - Aldas (Baldzius)
diff -Nur ImageMagick-6.3.8-orig/configure.ac ImageMagick-6.3.8/configure.ac
--- ImageMagick-6.3.8-orig/configure.ac 2008-02-18 11:50:29.000000000 +0100
+++ ImageMagick-6.3.8/configure.ac 2008-02-18 11:52:24.000000000 +0100
@@ -2170,7 +2170,7 @@
CPPFLAGS="$CPPFLAGS -I${xml2_prefix}/include/libxml2" fi if test "${xml2_prefix}" != '/usr'; then- LDFLAGS="$LDFLAGS -L${xml2_prefix}/lib"
+ LDFLAGS="$LDFLAGS"
fi fi failed=0;
|
