Launchpad CVE tracker

CVE 2005-0397

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.

Related bugs and status

CVE-2005-0397 (Candidate) is related to these bugs:

Bug #13496: FWD: [USN-90-1] Imagemagick vulnerability

Summary				In	Importance	Status
	13496	FWD: [USN-90-1] Imagemagick vulnerability		imagemagick (Ubuntu)	High	Fix Released
	13496	FWD: [USN-90-1] Imagemagick vulnerability		imagemagick (Debian)	Unknown	Fix Released

Bug #27767: Shell command injection in delegate code (via file names)

Summary				In	Importance	Status
	27767	Shell command injection in delegate code (via file names)		imagemagick (Ubuntu)	High	Fix Released
	27767	Shell command injection in delegate code (via file names)		imagemagick (Debian)	Unknown	Fix Released

Bug #27952: imagemagick: New format string vulnerability in SetImageInfo().

Summary				In	Importance	Status
	27952	imagemagick: New format string vulnerability in SetImageInfo().		imagemagick (Ubuntu)	High	Fix Released
	27952	imagemagick: New format string vulnerability in SetImageInfo().		imagemagick (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2005-0397

References