Bugzilla – Bug 67273
VUL-0: CVE-2005-0397: ImageMagick format string bug
Last modified: 2021-11-11 14:34:45 UTC
also, there are dozens of instances of: LogMagickEvent(TraceEvent,GetMagickModule(),image_info->filename); in coders/*.c All of those are format string problems.
(but are harmless enough to be fixed by upstream or so)
Date: Wed, 2 Mar 2005 17:14:12 +0000 (GMT) From: Mark J Cox <mjc@redhat.com> To: Ned Ludd <solar@gentoo.org> Cc: Thierry Carrez <koon@gentoo.org>, vendor-sec@lst.de, Tavis Ormandy <taviso@gentoo.org>, jrb@redhat.com Subject: Re: [vendor-sec] imagemagick filename handling > It's in our bugzilla and is not restricted from normal users viewing it. > it. There are about 75 users who monitor our non restricted security > bugs and are aware of this problem. > http://bugs.gentoo.org/show_bug.cgi?id=83542 Okay, then use CAN-2005-0397 for this. Mark
In ImageMagick 6.1.8 the parameter -scenes seems to be broken anyway. > display -scenes 1-8 "test%d" display: invalid argument `1-8' for option `-scenes'. What should I fix for released product? Only the originaly reported bug or all the bugs mentioned above?
LogMagick fixes are not necessary.
-scenes 1-8 triggers in display. if (IsGeometry(argv[i]) == MagickFalse) ThrowDisplayInvalidArgumentException(option,argv[i]); which is incorrect there... I guess. Vladimir, just fixing this one place is enough.
packages are submitted
swampid: 591
emerge for testing
updates released.
CVE-2005-0397: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)