Launchpad CVE tracker

CVE 2007-4985

ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls.

Related bugs and status

CVE-2007-4985 (Candidate) is related to these bugs:

Bug #144425: [ImageMagick] security issues with releases prior to 6.3.5-9

		In	Importance	Status
144425	[ImageMagick] security issues with releases prior to 6.3.5-9	imagemagick (Ubuntu)	Medium	Fix Released
144425	[ImageMagick] security issues with releases prior to 6.3.5-9	imagemagick (Ubuntu Dapper)	Medium	Fix Released
144425	[ImageMagick] security issues with releases prior to 6.3.5-9	imagemagick (Ubuntu Gutsy)	Medium	Fix Released
144425	[ImageMagick] security issues with releases prior to 6.3.5-9	imagemagick (Ubuntu Edgy)	Medium	Fix Released
144425	[ImageMagick] security issues with releases prior to 6.3.5-9	imagemagick (Ubuntu Feisty)	Medium	Fix Released
144425	[ImageMagick] security issues with releases prior to 6.3.5-9	graphicsmagick (Ubuntu)	Medium	Fix Released
144425	[ImageMagick] security issues with releases prior to 6.3.5-9	graphicsmagick (Ubuntu Dapper)	Medium	Won't Fix
144425	[ImageMagick] security issues with releases prior to 6.3.5-9	graphicsmagick (Ubuntu Edgy)	Medium	Won't Fix
144425	[ImageMagick] security issues with releases prior to 6.3.5-9	graphicsmagick (Ubuntu Feisty)	Medium	Won't Fix
144425	[ImageMagick] security issues with releases prior to 6.3.5-9	graphicsmagick (Ubuntu Gutsy)	Medium	Won't Fix
144425	[ImageMagick] security issues with releases prior to 6.3.5-9	graphicsmagick (Debian)	Unknown	Fix Released
144425	[ImageMagick] security issues with releases prior to 6.3.5-9	graphicsmagick (Gentoo Linux)	High	Fix Released

Bug #204349: [FFe] Please sync graphicsmagick 1.1.11-1 from Debian(Unstable)

Summary				In	Importance	Status
	204349	[FFe] Please sync graphicsmagick 1.1.11-1 from Debian(Unstable)		graphicsmagick (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

IDEFENSE: 20070919 Multiple Vend...
MLIST: [Magick-announce] 2007...
BID: 25764
CONFIRM: http://www.imagemagick...
SECTRACK: 1018729
SECUNIA: 26926
UBUNTU: USN-523-1
SECUNIA: 27048
CONFIRM: https://issues.rpath.c...
SECUNIA: 27309
CONFIRM: http://bugs.gentoo.org...
GENTOO: GLSA-200710-27
SECUNIA: 27364
SUSE: SUSE-SR:2007:023
SECUNIA: 27439
MANDRIVA: MDVSA-2008:035
SECUNIA: 28721
REDHAT: RHSA-2008:0145
REDHAT: RHSA-2008:0165
SECUNIA: 29786
SECUNIA: 29857
DEBIAN: DSA-1858
SECUNIA: 36260
VUPEN: ADV-2007-3245
XF: imagemagick-readdcmima...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20071112 FLEA-2007-006...

Launchpad.net

CVE 2007-4985

Related bugs and status

Related bugs

References