From Secunia:
Tielei Wang has discovered a vulnerability in ImageMagick, which can be exploited by malicious people to potentially compromise a user's system.
The vulnerability is caused due to an integer overflow error within the "XMakeImage()" function in magick/xwindow.c. This can be exploited to cause a buffer overflow via e.g. a specially crafted TIFF file. Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in version 6.5.2-8. Prior versions may also be affected.
SOLUTION: Update to version 6.5.2-9.
PROVIDED AND/OR DISCOVERED BY: Tielei Wang, ICST-ERCIS (Engineering Research Center of Info Security, Institute of Computer Science and Technology, Peking University)
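The bug class the advisory describes (an image buffer size computed from file-supplied dimensions in fixed-width arithmetic) is shown below next to a checked form. This is an added illustration, not ImageMagick's code or its fix; the function names, the 256 MiB limit and the sample dimensions are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy limit for one decoded image buffer (256 MiB). */
#define MAX_IMAGE_BYTES ((uint64_t)1 << 28)

/* Unchecked form: the product is computed in 32 bits and wraps silently. */
static uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked form: 0 and *out set on success, -1 if a dimension is zero or
 * the true size exceeds MAX_IMAGE_BYTES. */
static int checked_size(uint32_t width, uint32_t height, uint32_t bpp,
                        size_t *out)
{
    uint64_t row;

    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    row = (uint64_t)width * bpp;          /* < 2^64, cannot wrap */
    if (row > MAX_IMAGE_BYTES / height)   /* division avoids a second overflow */
        return -1;
    *out = (size_t)(row * height);
    return 0;
}

/* Allocate a zeroed pixel buffer, or NULL if the dimensions are rejected. */
static unsigned char *alloc_pixels(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n;
    return checked_size(width, height, bpp, &n) == 0 ? calloc(1, n) : NULL;
}

int main(void)
{
    /* Constructed dimensions of the kind an untrusted file header can declare. */
    uint32_t w = 65537, h = 65536, bpp = 4;
    unsigned char *p = alloc_pixels(w, h, bpp);

    printf("unchecked: %u bytes, checked: %s\n",
           (unsigned)unchecked_size(w, h, bpp), p ? "accepted" : "rejected");
    free(p);
    return 0;
}
```

With these dimensions the unchecked product wraps to a size far smaller than the pixel data a later copy loop would write, which is how an integer overflow turns into a heap buffer overflow.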
Created attachment 192692: imagemagick-r513.patch
Most of the changes in the commit seem unrelated... yay!
bumped to 6.5.2.9, which should fix this issue. +*imagemagick-6.5.2.9 (29 May 2009) + + 29 May 2009; Markus Meier <maekke@gentoo.org> +imagemagick-6.5.2.9.ebuild: + version bump wrt security bug #271502
Arches, please test and mark stable:
=media-gfx/imagemagick-6.5.2.9
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
x86 stable
Sparc stable.
ppc64 done
ppc done
Readding x86:
DEPEND.bad 2
media-gfx/imagemagick/imagemagick-6.5.2.9.ebuild: x86(hardened/linux/x86) ['>=sys-devel/gcc-4.3.0[openmp]']
media-gfx/imagemagick/imagemagick-6.5.2.9.ebuild: x86(hardened/x86) ['>=sys-devel/gcc-4.3.0[openmp]']
Stable for HPPA.
amd64 stable
(In reply to comment #8)
> Readding x86:
> DEPEND.bad 2
> media-gfx/imagemagick/imagemagick-6.5.2.9.ebuild: x86(hardened/linux/x86)
> ['>=sys-devel/gcc-4.3.0[openmp]']
> media-gfx/imagemagick/imagemagick-6.5.2.9.ebuild: x86(hardened/x86)
> ['>=sys-devel/gcc-4.3.0[openmp]']
fixed, thanks.
Stable on alpha.
All arches done, GLSA request filed.
arm/ia64/s390/sh stable
CVE-2009-1882 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1882): Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.
GLSA 201006-03