Vigil@nce: ImageMagick, integer overflow of XMakeImage
June 2009 by Vigil@nce
An attacker can generate an overflow in ImageMagick, in order to
create a denial of service or to execute code.
– Severity: 2/4
– Consequences: user access/rights, denial of service of client
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 28/05/2009
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The ImageMagick application handles images, and displays them.
The XMakeImage() function of the magick/xwindow.c file displays an
image on a X11 environment :
XMakeImage(display, resource_info, window, image, width, height);
The "width" and "height" parameters indicate the size of the image
to display. When these parameters are too big, a multiplication
overflows, and an allocated memory area becomes too short.
An attacker can therefore generate an overflow in ImageMagick, in
order to create a denial of service or to execute code.
CHARACTERISTICS
– Identifiers: BID-35111, VIGILANCE-VUL-8743
– Url: http://vigilance.fr/vulnerability/ImageMagick-integer-overflow-of-XMakeImage-8743