ImageMagick contains a flaw that may allow a heap overflow triggering a denial of service. The issue is triggered due to a lack of bounds checking in the ReadPNMImage() function when decoding PNM images, and will result in loss of availability for the application.

Upgrade ImageMagick to version 6.2.2 or higher, and GraphicsMagick to version 1.1.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Secunia Advisory ID: 15124 15151 15455 15513 15848 15920
• CVE ID: 2005-1275 (see also: NVD)
• ISS X-Force ID: 20262
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0407.html
• Other Advisory URL: http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:107
  http://ubuntulinux.org/support/documentation/usn/usn-132-1
  http://www.overflow.pl/adv/imheapoverflow.txt
  http://www.trustix.org/errata/2005/0031/
• Vendor Specific News/Changelog Entry: http://sourceforge.net/tracker/index.php?func=detail&aid=1190872&group_id=73485&atid=537937
• Vendor URL: http://www.imagemagick.org/
• RedHat RHSA: RHSA-2005:413

• Damian Put - pucikoverflow.pl -