ImageMagick: Multiple vulnerabilities — GLSA 201405-09

Multiple vulnerabilities have been discovered in ImageMagick, the worst of which could lead to arbitrary code execution.

Affected Packages

media-gfx/imagemagick on all architectures
Affected versions < 6.8.8.10
Unaffected versions >= 6.8.8.10

Background

ImageMagick is a collection of tools and libraries for manipulating various image formats.

Description

Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details.

Note that CVE-2012-1185 and CVE-2012-1186 were issued due to incomplete fixes for CVE-2012-0247 and CVE-2012-0248, respectively. The earlier CVEs were addressed in GLSA 201203-09.

Impact

A remote attacker can utilize multiple vectors to execute arbitrary code or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All ImageMagick users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.8.8.10"
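
To confirm which hosts still carry an affected build, the sketch below (an added example, not part of the original advisory or of Gentoo's tooling) classifies package atoms against the fixed version 6.8.8.10 using a numeric, per-component comparison. The function names and the sample atoms are constructed for illustration; feeding it real data assumes `qlist` from app-portage/portage-utils is installed.

```shell
#!/bin/sh
# Added example: classify media-gfx/imagemagick atoms against GLSA 201405-09
# (affected: < 6.8.8.10, unaffected: >= 6.8.8.10).
FIXED="6.8.8.10"

# version_lt A B: succeed when dotted numeric version A is lower than B.
# Components are compared as integers, so 6.8.8.9 < 6.8.8.10 (a plain string
# comparison gets this wrong). Missing components count as 0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # equal versions are not "lower"
}

# classify ATOM: print affected, fixed or unknown for one package atom.
classify() {
    ver=${1#media-gfx/imagemagick-}   # drop category/name prefix if present
    ver=${ver%-r[0-9]*}               # drop the ebuild revision (-r1, -r2, ...)
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;  # refuse to guess
    esac
    if version_lt "$ver" "$FIXED"; then echo affected; else echo fixed; fi
}

# report: read atoms on stdin, one per line, and print "status<TAB>atom".
# Real use (assumption): qlist -Iv media-gfx/imagemagick | report
report() {
    while IFS= read -r atom; do
        [ -n "$atom" ] || continue
        printf '%s\t%s\n' "$(classify "$atom")" "$atom"
    done
}

# Constructed sample input, not output from a real system.
printf '%s\n' \
    'media-gfx/imagemagick-6.7.8.7-r1' \
    'media-gfx/imagemagick-6.8.8.9' \
    'media-gfx/imagemagick-6.8.8.10' \
    'media-gfx/imagemagick-6.8.8.10_p1' | report
```

Atoms reported as `unknown` carry a suffix the script does not interpret and should be checked by hand rather than assumed safe.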
 

References

Release Date
May 17, 2014

Latest Revision
May 17, 2014: 1

Severity
normal

Exploitable
remote

Bugzilla entries