Security holes in ImageMagick fixed
With version 6.3.5-9, the developers of the free imaging software ImageMagick have reportedly closed four security holes that could be exploited on various operating systems. Although there are no known exploits for these bugs, the developers recommend that users update to the new version. An integer overflow vulnerability allows attackers to crash programs that use an ImageMagick library. Two vulnerabilities can be exploited for arbitrary code injection and execution on the target PC, and a fourth hole might be usable to conduct denial-of-service attacks by consuming excessive CPU resources.
Security advisories by iDefense:
- Multiple Vendor ImageMagick Multiple Integer Overflow Vulnerabilities
- Multiple Vendor ImageMagick Off-By-One Vulnerability
- Multiple Vendor ImageMagick Multiple Denial of Service Vulnerabilities
- Multiple Vendor ImageMagick Sign Extension Vulnerability