Bug 62745 (CVE-2004-0981) - VUL-0: CVE-2004-0981: integer overflow in ImageMagick EXIF handling
Summary: VUL-0: CVE-2004-0981: integer overflow in ImageMagick EXIF handling
Status: RESOLVED FIXED
Alias: CVE-2004-0981
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All Linux
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Marcus Meissner
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2004-0981: CVSS v2 Base Score: 10...
Keywords:
Depends on:
Blocks:
 
Reported: 2004-10-28 22:43 UTC by Marcus Meissner
Modified: 2021-10-12 13:34 UTC

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
imagemagick-exifoverflow.patch (624 bytes, patch)
2004-10-28 22:43 UTC, Marcus Meissner
Description Marcus Meissner 2004-10-28 22:43:02 UTC
Ubuntu security advisory. 
 
A buffer overflow in imagemagick's EXIF parsing routine has been 
discovered in imagemagick versions prior to 6.1.0. Trying to query 
EXIF information of a malicious image file might result in execution 
of arbitrary code with the user's privileges. 
 
Since imagemagick can be used in custom printing systems, this also 
might lead to privilege escalation (execute code with the printer 
spooler's privileges). However, Ubuntu's standard printing system does 
not use imagemagick, thus there is no risk of privilege escalation in 
a standard installation.
Comment 1 Marcus Meissner 2004-10-28 22:43:03 UTC
n/a
Comment 2 Marcus Meissner 2004-10-28 22:43:53 UTC
Created attachment 25570
imagemagick-exifoverflow.patch

fix from ubuntu
Comment 3 Marcus Meissner 2004-10-28 22:45:58 UTC
all 8.1 -> STABLE affected apparently 
 
(all use signed 32bit int instead of unsigned) 
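
Comment 3 attributes the flaw to a signed 32-bit int used where an unsigned value was needed. The following is an added example, not ImageMagick's code and not the attached patch: it shows how a bounds check on a signed offset accepts a field with the top bit set, while the unsigned form rejects it. The function names, the big-endian field layout and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 4-byte offset fields (big-endian), not from any real image. */
static const unsigned char BENIGN[4]  = { 0x00, 0x00, 0x00, 0x10 };
static const unsigned char HOSTILE[4] = { 0xff, 0xff, 0xff, 0xf0 };

/* Read a big-endian 32-bit field from the buffer. */
static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed pattern: the offset is held in a signed 32-bit int, so a field
 * with the top bit set becomes negative and slips under the upper bound. */
int offset_ok_signed(const unsigned char *field, size_t len, size_t need)
{
    int32_t offset = (int32_t)read_be32(field);
    int32_t limit = (int32_t)len - (int32_t)need;
    return offset <= limit; /* no lower bound, so a negative offset passes */
}

/* Corrected pattern: keep the value unsigned and compare against
 * len - need only after checking that the subtraction cannot wrap. */
int offset_ok_unsigned(const unsigned char *field, size_t len, size_t need)
{
    uint32_t offset = read_be32(field);
    if (need > len)
        return 0;
    return offset <= len - need;
}

int main(void)
{
    size_t len = 64, need = 4; /* assumed segment length and read size */
    printf("benign:  signed=%d unsigned=%d\n",
           offset_ok_signed(BENIGN, len, need),
           offset_ok_unsigned(BENIGN, len, need));
    printf("hostile: signed=%d unsigned=%d\n",
           offset_ok_signed(HOSTILE, len, need),
           offset_ok_unsigned(HOSTILE, len, need));
    return 0;
}
```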
Comment 4 Vladimir Nadvornik 2004-11-01 22:53:16 UTC
Packages are submitted to 8.1 - STABLE. 
Can you please submit patchinfos? 
Comment 5 Marcus Meissner 2004-11-02 18:42:22 UTC
patchinfos submitted. 
 
is an SDK package, so no laufzettel for now. 
Comment 6 Marcus Meissner 2004-11-17 23:22:17 UTC
updates have been released 
Comment 7 Marcus Meissner 2004-12-08 18:05:21 UTC
This is CAN-2004-0981 
Comment 8 Thomas Biege 2009-10-13 19:56:21 UTC
CVE-2004-0981: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)