ImageMagick, GraphicsMagick: Denial of Service vulnerability ImageMagick and GraphicsMagick utilities can be abused to perform a Denial of Service attack. ImageMagick May 21, 2005 May 22, 2006: 02 90423 90595 remote 6.2.2.3 6.2.2.3 1.1.6-r1 1.1.6-r1

Both ImageMagick and GraphicsMagick are collection of tools to read, write and manipulate images in many formats.

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a Denial of Service vulnerability in the XWD decoder of ImageMagick and GraphicsMagick when setting a color mask to zero.

A remote attacker could submit a specially crafted image to a user or an automated system making use of an affected utility, resulting in a Denial of Service by consumption of CPU time.

There is no known workaround at this time.

All ImageMagick users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.2.3"

All GraphicsMagick users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.1.6-r1"
CVE-2005-1739 jaervosz formula7 koon