[magick-users] Kaspersky Anti-Virus 2009 does report virus to ImageMagick
heng.xue
heng.xue at gmail.com
Wed Jun 10 03:22:55 PDT 2009
Hello,
I am using Kaspersky Anti-Virus 2009 and it is reporting an infection to
ImageMagick which it identifies as moderately dangerous virus. The
description of the virus is as follows:
http://secunia.com/advisories/35216/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ImageMagick "XMakeImage()" Integer Overflow Vulnerability
Secunia ID SA35216
CVE-ID CVE-2009-1882
Release Date 27 May 2009
Last Change 04 Jun 2009
Criticality Moderately Critical
Solution Status Vendor Patch
Software ImageMagick 6.x
Where From remote
Impact DoS (Denial of Service)
This includes vulnerabilities ranging from excessive resource consumption
(e.g. causing a system to use a lot of memory) to crashing an application or
an entire system.
System access
This covers vulnerabilities where malicious people are able to gain system
access and execute arbitrary code with the privileges of a local user.
Description Tielei Wang has discovered a vulnerability in ImageMagick,
which can be exploited by malicious people to potentially compromise a
user's system.
The vulnerability is caused due to an integer overflow error within the
"XMakeImage()" function in magick/xwindow.c. This can be exploited to cause
a buffer overflow via e.g. a specially crafted TIFF file.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in version 6.5.2-8. Prior versions may also
be affected.
Solution Update to version 6.5.2-9.
Reported by Tielei Wang, ICST-ERCIS (Engineering Research Center of Info
Security, Institute of Computer Science and Technology, Peking University)
Original Advisory ImageMagick:
http://imagemagick.org/script/changelog.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Can someone contact to Kaspersky to correct this false positive problem?
Thanks.
Regards.
XueHeng
More information about the Magick-users
mailing list