CVE-2009-1882 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-1882 PUBLISHED CVSS 9.300000190734863 CRITICAL

Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.

EPSS 3.64% · 87.7th percentile

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

3.64%

87.7th percentile

Affected Products

Vendor	Product	Versions
imagemagick	imagemagick	6.5.2-8
n/a	n/a	n/a

Timeline

Jun 2, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score
Oct 22, 2023 EPSS Score

References

54729 vdb
http://wiki.rpath.com/Advisories:rPSA-2010-0074 url
GLSA-201311-10 vendor-advisory
37959 third-party-advisory
[oss-security] 20090608 Re: CVE Request -- ImageMagick -- Integer overflow in XMakeImage() mailing-list
USN-784-1 vendor-advisory
20101027 rPSA-2010-0074-1 ImageMagick mailing-list
35382 third-party-advisory
FEDORA-2010-0001 vendor-advisory
55721 third-party-advisory
http://mirror1.smudge-it.co.uk/imagemagick/www/changelog.html url
35111 vdb
http://imagemagick.org/script/changelog.php url
35685 third-party-advisory
35216 third-party-advisory
DSA-1858 vendor-advisory
SUSE-SR:2009:012 vendor-advisory
ADV-2009-1449 vdb
FEDORA-2010-0036 vendor-advisory
36260 third-party-advisory

…and 2 more

Open in Interactive Console →