CVE-2009-1882 — Integer Overflow or Wraparound in Graphicsmagick

CWE-189 CWE-190 — Integer Overflow or Wraparound7 documents7 sources

Severity

9.3CRITICALNVD

EPSS

3.6%

top 12.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphicsmagick Imagemagick Debian Graphicsmagick +1 more

Timeline

PublishedJun 2

Latest updateMay 2

Description

Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages5 packages

▶debiandebian/imagemagick< graphicsmagick 1.3.5-5.1 (bookworm)

▶debiandebian/graphicsmagick< graphicsmagick 1.3.5-5.1 (bookworm)

▶Debianimagemagick/imagemagick< 7:6.5.1.0-1.1+3

▶Debiangraphicsmagick/graphicsmagick< 1.3.5-5.1+3

▶NVDimagemagick/imagemagick6.5.2-8

🔴Vulnerability Details

GHSA

GHSA-cw2f-4p3w-w2xh: Integer overflow in the XMakeImage function in magick/xwindow↗2022-05-02

▶

OSV

CVE-2009-1882: Integer overflow in the XMakeImage function in magick/xwindow↗2009-06-02

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerability↗2009-06-08

▶

Red Hat

GraphicsMagick: Integer overflow in the routine creating X11 images↗2009-05-27

▶

Debian

CVE-2009-1882: graphicsmagick - Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6...↗2009

▶

💬Community

Bugzilla

CVE-2009-1882 ImageMagick, GraphicsMagick: Integer overflow in the routine creating X11 images↗2009-05-28

▶