Bug 62745 (CVE-2004-0981)

Summary: VUL-0: CVE-2004-0981: integer overflow in ImageMagick EXIF handling
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Marcus Meissner <meissner>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: nadvornik, security-team
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: CVE-2004-0981: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: imagemagick-exifoverflow.patch

Description Marcus Meissner 2004-10-28 22:43:02 UTC
Ubuntu security advisory. 
 
A buffer overflow in imagemagick's EXIF parsing routine has been 
discovered in imagemagick versions prior to 6.1.0. Trying to query 
EXIF information of a malicious image file might result in execution 
of arbitrary code with the user's privileges. 
 
Since imagemagick can be used in custom printing systems, this also 
might lead to privilege escalation (execute code with the printer 
spooler's privileges). However, Ubuntu's standard printing system does 
not use imagemagick, thus there is no risk of privilege escalation in 
a standard installation.
Comment 1 Marcus Meissner 2004-10-28 22:43:03 UTC
n/a
Comment 2 Marcus Meissner 2004-10-28 22:43:53 UTC
Created attachment 25570
imagemagick-exifoverflow.patch

fix from ubuntu
Comment 3 Marcus Meissner 2004-10-28 22:45:58 UTC
all 8.1 -> STABLE affected apparently 
 
(all use signed 32bit int instead of unsigned) 
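Comment 3 puts the cause down to a signed 32-bit int used where an unsigned one was needed. The following is an added example of that general pattern, not part of this bug report and not ImageMagick's code or the attached patch; the function names and the simplified record layout (4-byte length, then 4-byte offset) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read a 32-bit big-endian field from untrusted image data. */
static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Weak pattern: a signed 32-bit length turns 0xFFFFFFF0 into -16 on common
 * platforms, so "len > avail" is false. Returns 1 if the check passes. */
int signed_check_accepts(const unsigned char *field, int avail)
{
    int len = (int)read_be32(field);
    return !(len > avail);
}

/* Hardened: unsigned length/offset, compared without additions that can wrap.
 * Assumed (simplified) record layout: 4-byte length, then 4-byte offset. */
int copy_value(const unsigned char *buf, size_t buf_len, size_t rec,
               unsigned char *dst, size_t dst_len, size_t *copied)
{
    uint32_t len, off;
    if (buf_len < 8 || rec > buf_len - 8)
        return -1;                 /* record header out of bounds */
    len = read_be32(buf + rec);
    off = read_be32(buf + rec + 4);
    if (off > buf_len || len > buf_len - off || len > dst_len)
        return -1;                 /* value does not fit source or destination */
    memcpy(dst, buf + off, len);
    *copied = len;
    return 0;
}

int main(void)
{
    /* Constructed sample record: length 0xFFFFFFF0, offset 8, four data bytes. */
    static const unsigned char bad_record[12] = {
        0xFF, 0xFF, 0xFF, 0xF0, 0, 0, 0, 8, 'E', 'x', 'i', 'f' };
    unsigned char out[16];
    size_t n = 0;
    int rc = copy_value(bad_record, sizeof bad_record, 0, out, sizeof out, &n);
    printf("signed check accepts: %d\n", signed_check_accepts(bad_record, 4));
    printf("hardened copy result: %d\n", rc);
    return 0;
}
```

The signed check lets the oversized length through because it compares a negative number against the available size; the unsigned version rejects the same record before any copy takes place.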
Comment 4 Vladimir Nadvornik 2004-11-01 22:53:16 UTC
Packages are submitted to 8.1 - STABLE. 
Can you please submit patchinfos? 
Comment 5 Marcus Meissner 2004-11-02 18:42:22 UTC
patchinfos submitted. 
 
is an SDK package, so no laufzettel for now. 
Comment 6 Marcus Meissner 2004-11-17 23:22:17 UTC
updates have been released 
Comment 7 Marcus Meissner 2004-12-08 18:05:21 UTC
This is CAN-2004-0981 
Comment 8 Thomas Biege 2009-10-13 19:56:21 UTC
CVE-2004-0981: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)