Great Reviews!Need help setting up your website, installing Apache, PHP, MySQL, or RavenNuke(tm)?Need help customizing or designing scripts?Please contact us via the Contact Us option for further details and pricing.
DESCRIPTION: Some vulnerabilities have been reported in ImageMagick, which can be exploited by malicious people to conduct DoS (Denial of Service) attacks or compromise a user's system.
1) Some integer overflow errors exist within the "AllocateImageColormap()", "ReadDCMImage()", "ReadDIBImage()", and "ReadXBMImage()" functions when processing image files. These can be exploited to cause heap-based buffer overflows via specially crafted image files.
2) An off-by-one error exists within the "ReadBlobString()" function in magick/blob.c when processing image files. This can be exploited to cause a one-byte buffer overflow via a specially crafted image file.
3) A sign extension error exists within the "ReadDIBImage()" function when processing image files. This can be exploited to cause a heap-based buffer overflow when processing specially crafted DIB files.
Successful exploitation of the vulnerabilities allows execution of arbitrary code.
4) Some errors within the "ReadDCMImage()" and "ReadXCFImage()" functions can be exploited to cause the execution of infinite loops via specially crafted DCM or XCF files.
The vulnerabilities are reported in versions prior to 6.3.5-9.
SOLUTION: Update to version 6.3.5-9. - http://www.imagemagick.org/script/download.php
PROVIDED AND/OR DISCOVERED BY: Discovered by regenrecht and reported via iDefense.
ORIGINAL ADVISORY: ImageMagick:
http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html
http://www.imagemagick.org/script/changelog.php
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
