ImageMagick, GraphicsMagick: Denial of Service vulnerability

ImageMagick, GraphicsMagick: Denial of Service vulnerability ImageMagick and GraphicsMagick utilities can be abused to perform a Denial of Service attack. ImageMagick 2005-05-21 2006-05-22 90423 90595 remote 6.2.2.3 6.2.2.3 1.1.6-r1 1.1.6-r1

Both ImageMagick and GraphicsMagick are collection of tools to read, write and manipulate images in many formats.

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a Denial of Service vulnerability in the XWD decoder of ImageMagick and GraphicsMagick when setting a color mask to zero.

A remote attacker could submit a specially crafted image to a user or an automated system making use of an affected utility, resulting in a Denial of Service by consumption of CPU time.

There is no known workaround at this time.

All ImageMagick users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.2.3"

All GraphicsMagick users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.1.6-r1"

CVE-2005-1739 jaervosz formula7 koon