FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ImageMagick -- format string vulnerability

Affected packages
ImageMagick <
ImageMagick-nox11 <


VuXML ID 713c3913-8c2b-11d9-b58c-0001020eed82
Discovery 2005-03-02
Entry 2005-03-03

Tavis Ormandy reports:

magemagick-6.2.0-3 fixes an potential issue handling malformed filenames, the flaw may affect webapps or scripts that use the imagemagick utilities for image processing, or applications linked with libMagick.

This vulnerability could crash ImageMagick or potentially lead to the execution of arbitrary code with the permissions of the user running ImageMagick.


CVE Name CVE-2005-0397