ImageMagick: User-assisted execution of arbitrary code An integer overflow in ImageMagick might allow remote attackers to cause the remote execution of arbitrary code. imagemagick June 01, 2010 June 01, 2010: 01 271502 remote 6.5.2.9 6.5.2.9

ImageMagick is a collection of tools and libraries for manipulating various image formats.

Tielei Wang has discovered that the XMakeImage() function in magick/xwindow.c is prone to an integer overflow, possibly leading to a buffer overflow.

A remote attacker could entice a user to open a specially crafted image, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

There is no known workaround at this time.

All ImageMagick users should upgrade to an unaffected version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.5.2.9"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since June 4, 2009. It is likely that your system is already no longer affected by this issue.

CVE-2009-1882 keytoaster a3li a3li