CVE-2005-0397 : Format string vulnerability in the SetImageInfo function in image.c for ImageMag

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.

Published 2005-05-02 04:00:00

Updated 2025-04-03 01:03:51

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Execute codeDenial of service

Products affected by CVE-2005-0397

Imagemagick » Imagemagick » Version: 5.5
cpe:2.3:a:imagemagick:imagemagick:5.5:*:*:*:*:*:*:*
Matching versions
Imagemagick » Imagemagick » Version: 5.2
cpe:2.3:a:imagemagick:imagemagick:5.2:*:*:*:*:*:*:*
Matching versions
Imagemagick » Imagemagick » Version: 5.3
cpe:2.3:a:imagemagick:imagemagick:5.3:*:*:*:*:*:*:*
Matching versions
Imagemagick » Imagemagick » Version: 5.4
cpe:2.3:a:imagemagick:imagemagick:5.4:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-0397

EPSS FAQ

4.52%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 88 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-0397

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2005-0397

http://www.redhat.com/support/errata/RHSA-2005-070.html

Support

CVEs referencing this url
http://www.debian.org/security/2005/dsa-702

[SECURITY] [DSA 702-1] New ImageMagick packages fix several vulnerabilities
Patch;Vendor Advisory

CVEs referencing this url
http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html

Security - Support | SUSE
Patch;Vendor Advisory

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2005-320.html

Support
Patch;Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10302

404 Not Found
https://exchange.xforce.ibmcloud.com/vulnerabilities/19586

ImageMagick SetImageInfo() file name format string CVE-2006-0082 Vulnerability Report
http://bugs.gentoo.org/show_bug.cgi?id=83542

83542 – media-gfx/imagemagick: filename handling format string bug.
Patch
http://marc.info/?l=bugtraq&m=110987256010857&w=2

'[USN-90-1] Imagemagick vulnerability' - MARC
http://www.gentoo.org/security/en/glsa/glsa-200503-11.xml

ImageMagick: Filename handling vulnerability (GLSA 200503-11) — Gentoo security
Patch

Jump to

Vulnerability Details : CVE-2005-0397

Products affected by CVE-2005-0397

Exploit prediction scoring system (EPSS) score for CVE-2005-0397

CVSS scores for CVE-2005-0397

References for CVE-2005-0397