ImageMagick: User-assisted execution of arbitrary code

ImageMagick: User-assisted execution of arbitrary code Vulnerabilities found in ImageMagick might allow remote attackers to execute arbitrary code. ImageMagick 2012-03-06 2012-03-06 402999 remote 6.7.5.3 6.7.5.3

ImageMagick is a collection of tools and libraries for manipulating various image formats.

Two vulnerabilities have been found in ImageMagick:

Incorrect offset and count values in the ResolutionUnit tag in EXIF IFD could cause memory corruption (CVE-2012-0247).
IOP tag offsets pointing to the beginning of an IFD could cause an infinite loop of ImageMagick parsing the IFD structure (CVE-2012-0248).

A remote attacker could entice a user to open a specially crafted image, possibly resulting in execution of arbitrary code or a Denial of Service condition.

There is no known workaround at this time.

All ImageMagick users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.7.5.3"

CVE-2012-0247 CVE-2012-0248 ackle ackle