ImageMagick stumbles over SUN and GIMP images
ImageMagick, a collection of image-editing tools, has flaws in its routines for processing images in GIMP's XCF format and in Sun's graphics format. Attackers can use specially manipulated images to crash the software or even plant arbitrary malware.
ImageMagick is often used in server-side scripts for image editing, for example to display forum images as reduced-size thumbnails. Attackers can exploit the vulnerability to gain access to such systems.
ImageMagick versions 6.2.9 and earlier are affected. The ImageMagick developers have made updated packages available in version 6.2.9-1 that close the security hole. Users of the software should install the new version immediately. Linux distributors will also soon be making updated packages available; for its part, Red Hat is already delivering updates.
- media-gfx/imagemagick: heap and stack buffer overflow, advisory from Tavis Ormandy in the Gentoo bug tracker
- Download of the updated ImageMagick package
(ehe)