CVE-2004-0827

Current Description

Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.

Basic Data

Published: September 16, 2004
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: true
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
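    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Enlightenment | Imlib | 1.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib | 1.9.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib | 1.9.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib | 1.9.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib | 1.9.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib | 1.9.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib | 1.9.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib | 1.9.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib | 1.9.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib | 1.9.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib | 1.9.10 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib | 1.9.11 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib | 1.9.12 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib | 1.9.13 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib | 1.9.14 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib2 | 1.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib2 | 1.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib2 | 1.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib2 | 1.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib2 | 1.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib2 | 1.0.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib2 | 1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Enlightenment | Imlib2 | 1.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Imagemagick | Imagemagick | 5.3.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Imagemagick | Imagemagick | 5.4.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Imagemagick | Imagemagick | 5.4.4.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Imagemagick | Imagemagick | 5.4.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Imagemagick | Imagemagick | 5.4.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Imagemagick | Imagemagick | 5.4.8.2.1.1.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Imagemagick | Imagemagick | 5.5.3.2.1.2.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Imagemagick | Imagemagick | 5.5.6.0_2003-04-09 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Imagemagick | Imagemagick | 5.5.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Imagemagick | Imagemagick | 6.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sun | Java Desktop System | 2.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sun | Java Desktop System | 2003 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Conectiva | Linux | 9.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Conectiva | Linux | 10.0 | * | * | * | * | * | * | * | | | |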
  • OR - Configuration 2
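    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Mandrakesoft | Mandrake Linux | 9.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux | 9.2 | * | amd64 | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.0 | * | amd64 | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 2.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 2.1 | * | x86_64 | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | advanced_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | advanced_server_ia64 | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | enterprise_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | enterprise_server_ia64 | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | workstation | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | workstation_ia64 | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | advanced_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | enterprise_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | workstation_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Desktop | 3.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Fedora Core | core_1.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Fedora Core | core_2.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Fedora Core | core_3.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Linux Advanced Workstation | 2.1 | * | ia64 | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Linux Advanced Workstation | 2.1 | * | itanium_processor | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 8.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 8.0 | * | i386 | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 8.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 8.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.0 | * | x86_64 | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux | desktop_10.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux | server_7.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux | server_8.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux | workstation_7.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux | workstation_8.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ubuntu | Ubuntu Linux | 4.1 | * | ia64 | * | * | * | * | * | | | |
    2.3 | OS | Ubuntu | Ubuntu Linux | 4.1 | * | ppc | * | * | * | * | * | | | |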

Vulnerable Software List

Vendor | Product | Versions
Imagemagick | Imagemagick | 5.3.3, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8, 5.4.8.2.1.1.0, 5.5.3.2.1.2.0, 5.5.6.0_2003-04-09, 5.5.7, 6.0.2
Enlightenment | Imlib2 | 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.1, 1.1.1
Enlightenment | Imlib | 1.9, 1.9.1, 1.9.10, 1.9.11, 1.9.12, 1.9.13, 1.9.14, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 1.9.7, 1.9.8, 1.9.9
Redhat | Enterprise Linux | 2.1, 3.0
Redhat | Enterprise Linux Desktop | 3.0
Redhat | Fedora Core | core_1.0, core_2.0, core_3.0
Redhat | Linux Advanced Workstation | 2.1
Conectiva | Linux | 10.0, 9.0
Ubuntu | Ubuntu Linux | 4.1
Mandrakesoft | Mandrake Linux | 10.0, 9.2
Mandrakesoft | Mandrake Linux Corporate Server | 2.1
Turbolinux | Turbolinux | desktop_10.0, server_7.0, server_8.0, workstation_7.0, workstation_8.0
Sun | Java Desktop System | 2.0, 2003
Suse | Suse Linux | 8.0, 8.1, 8.2, 9.0, 9.1, 9.2

References

Name | Source | URL | Tags
28800 | SECUNIA | http://secunia.com/advisories/28800 |
231321 | SUNALERT | http://sunsolve.sun.com/search/document.do?assetkey=1-26-231321-1 |
201006 | SUNALERT | http://sunsolve.sun.com/search/document.do?assetkey=1-66-201006-1 |
DSA-547 | DEBIAN | http://www.debian.org/security/2004/dsa-547 | PATCH, Vendor Advisory
RHSA-2004:480 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-480.html | PATCH, Vendor Advisory
RHSA-2004:494 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-494.html | PATCH, Vendor Advisory
ADV-2008-0412 | VUPEN | http://www.vupen.com/english/advisories/2008/0412 |
imagemagick-bmp-Bo(17173) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/17173 |
oval:org.mitre.oval:def:11123 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11123 |