Security Hole in free graphics program ImageMagick
Security experts from overflow.pl have discovered a security hole in the free open source graphics program ImageMagick. Attackers could use it to plant malicious code. The error can occur while processing manipulated images in SGI format.
Large values in specific parameter fields of an SGI image, which are used to calculate the image size, can force integer variables to overflow. As a result, too little memory is allocated for the subsequent image operations. The new version of the graphics software, 6.2.9, closes this security hole.
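The arithmetic behind this class of bug, as an added example that is not ImageMagick's code or taken from the advisory: a size computed in 32-bit arithmetic wraps around, while a checked version rejects the header before any allocation. The struct, field names, function names and the 256 MiB limit are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header fields; names are illustrative, not ImageMagick's. */
typedef struct {
    uint16_t columns;          /* image width in pixels   */
    uint16_t rows;             /* image height in pixels  */
    uint16_t depth;            /* number of channels      */
    uint16_t bytes_per_pixel;  /* bytes per channel value */
} sgi_dims;

/* Assumed policy limit on a decoded image buffer (256 MiB). */
#define MAX_PIXEL_BYTES ((uint64_t)1 << 28)

/* Unchecked: the product is computed modulo 2^32, so large fields wrap. */
uint32_t size_unchecked(const sgi_dims *d)
{
    return (uint32_t)d->columns * (uint32_t)d->rows *
           (uint32_t)d->depth * (uint32_t)d->bytes_per_pixel;
}

/* Checked: test each factor against the limit before multiplying.
 * Returns 1 and stores the size on success, 0 if the header is rejected. */
int size_checked(const sgi_dims *d, size_t *out)
{
    const uint16_t f[3] = { d->rows, d->depth, d->bytes_per_pixel };
    uint64_t n = d->columns;
    for (int i = 0; i < 3; i++) {
        if (f[i] != 0 && n > MAX_PIXEL_BYTES / f[i])
            return 0;          /* product would exceed the limit */
        n *= f[i];
    }
    if (n == 0)
        return 0;              /* zero-sized image is also rejected */
    *out = (size_t)n;
    return 1;
}

int main(void)
{
    /* Constructed sample values: true size is 2^32 + 131072 bytes. */
    sgi_dims bad = { 32769, 32768, 4, 1 };
    size_t n = 0;
    printf("unchecked size: %u\n", (unsigned)size_unchecked(&bad));
    printf("checked accepts: %d\n", size_checked(&bad, &n));
    return 0;
}
```

A buffer allocated from the unchecked value would be far smaller than the pixel data the decoder goes on to write, which is the heap overflow condition described above.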
- ImageMagick ReadSGIImage() Heap Overflow, Security advisory from overflow.pl
- Homepage of ImageMagick including links to downloads of the latest version
(ehe)