Vulnerability Description
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enlightenment | Imlib | 1.9 |
| Enlightenment | Imlib2 | 1.0 |
| Imagemagick | Imagemagick | 5.3.3 |
| Sun | Java Desktop System | 2.0 |
| Conectiva | Linux | 9.0 |
| Mandrakesoft | Mandrake Linux | 9.2 |
| Mandrakesoft | Mandrake Linux Corporate Server | 2.1 |
| Redhat | Enterprise Linux | 2.1 |
| Redhat | Enterprise Linux Desktop | 3.0 |
| Redhat | Fedora Core | core_1.0 |
| Redhat | Linux Advanced Workstation | 2.1 |
| Suse | Suse Linux | 8.0 |
| Turbolinux | Turbolinux | desktop_10.0 |
| Ubuntu | Ubuntu Linux | 4.1 |
References
- http://secunia.com/advisories/28800
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-231321-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201006-1
- http://www.debian.org/security/2004/dsa-547PatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2004-480.htmlPatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2004-494.htmlPatchVendor Advisory
- http://www.vupen.com/english/advisories/2008/0412
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17173
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://secunia.com/advisories/28800
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-231321-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201006-1
- http://www.debian.org/security/2004/dsa-547PatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2004-480.htmlPatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2004-494.htmlPatchVendor Advisory
FAQ
What is CVE-2004-0827?
CVE-2004-0827 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arb...
How severe is CVE-2004-0827?
CVE-2004-0827 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0827?
Check the references section above for vendor advisories and patch information. Affected products include: Enlightenment Imlib, Enlightenment Imlib2, Imagemagick Imagemagick, Sun Java Desktop System, Conectiva Linux.