CVE-2004-0981: Buffer Overflow
First published: Fri Nov 19 2004(Updated: )
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/graphicsmagick | <1.1.7-8 | 1.1.7-8 |
| ubuntu/graphicsmagick | <1.1.7-8 | 1.1.7-8 |
| ubuntu/imagemagick | <6.2.4.5-0.6ubuntu0.6 | 6.2.4.5-0.6ubuntu0.6 |
| ubuntu/imagemagick | <6.2.4.5.dfsg1-0.10ubuntu0.3 | 6.2.4.5.dfsg1-0.10ubuntu0.3 |
| ubuntu/imagemagick | <6.2.4.5.dfsg1-0.14ubuntu0.1 | 6.2.4.5.dfsg1-0.14ubuntu0.1 |
| debian/graphicsmagick | 1.4+really1.3.36+hg16481-2+deb11u1 1.4+really1.3.40-4 1.4+really1.3.43-1 | |
| debian/imagemagick | 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u1 8:6.9.13.12+dfsg1-1 | |
| ImageMagick ImageMagick | =5.3.3 | |
| ImageMagick ImageMagick | =5.4.3 | |
| ImageMagick ImageMagick | =5.4.4.5 | |
| ImageMagick ImageMagick | =5.4.7 | |
| ImageMagick ImageMagick | =5.4.8 | |
| ImageMagick ImageMagick | =5.4.8.2.1.1.0 | |
| ImageMagick ImageMagick | =5.5.3.2.1.2.0 | |
| ImageMagick ImageMagick | =5.5.6.0_2003-04-09 | |
| ImageMagick ImageMagick | =5.5.7 | |
| ImageMagick ImageMagick | =6.0 | |
| ImageMagick ImageMagick | =6.0.1 | |
| ImageMagick ImageMagick | =6.0.3 | |
| ImageMagick ImageMagick | =6.0.4 | |
| ImageMagick ImageMagick | =6.0.5 | |
| ImageMagick ImageMagick | =6.0.6 | |
| ImageMagick ImageMagick | =6.0.7 | |
| ImageMagick ImageMagick | =6.0.8 | |
| Debian GNU/Linux | =3.0 | |
| Debian GNU/Linux | =3.0 | |
| Debian GNU/Linux | =3.0 | |
| Debian GNU/Linux | =3.0 | |
| Debian GNU/Linux | =3.0 | |
| Debian GNU/Linux | =3.0 | |
| Debian GNU/Linux | =3.0 | |
| Debian GNU/Linux | =3.0 | |
| Debian GNU/Linux | =3.0 | |
| Debian GNU/Linux | =3.0 | |
| Debian GNU/Linux | =3.0 | |
| Gentoo Linux | ||
| SUSE Linux | =8.0 | |
| SUSE Linux | =8.1 | |
| SUSE Linux | =8.2 | |
| SUSE Linux | =9.0 | |
| SUSE Linux | =9.0 | |
| SUSE Linux | =9.1 | |
| SUSE Linux | =9.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.imagemagick.org/www/Changelog.html
- http://security.gentoo.org/glsa/glsa-200411-11.xml
- http://secunia.com/advisories/12995/
- http://www.securityfocus.org/bid/11548
- https://www.ubuntu.com/usn/usn-7-1/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17903
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10472
- https://ubuntu.com/security/notices/USN-10-1
- https://ubuntu.com/security/notices/USN-7-1
- https://www.cve.org/CVERecord?id=CVE-2004-0981
- https://nvd.nist.gov/vuln/detail/CVE-2004-0981
- https://launchpad.net/bugs/cve/CVE-2004-0981
- https://security-tracker.debian.org/tracker/CVE-2004-0981
- https://ubuntu.com/security/CVE-2004-0981
Frequently Asked Questions
What is the severity of CVE-2004-0981?
CVE-2004-0981 is considered to have a critical severity due to the potential for remote code execution.
How do I fix CVE-2004-0981?
To fix CVE-2004-0981, update ImageMagick to version 6.1.0 or later.
Which versions of ImageMagick are affected by CVE-2004-0981?
Versions of ImageMagick prior to 6.1.0 are affected by CVE-2004-0981.
What types of attacks can exploit CVE-2004-0981?
CVE-2004-0981 can be exploited via specially crafted image files that trigger a buffer overflow.
Is ImageMagick the only software affected by CVE-2004-0981?
No, GraphicsMagick is also affected by CVE-2004-0981 if using vulnerable versions.
- agent/type
- agent/severity
- agent/weakness
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/references
- agent/description
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/security-tracker-debian
- source/Debian
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/imagemagick
- product/imagemagick
- canonical/imagemagick imagemagick
- vendor/suse
- product/suse linux
- canonical/suse suse linux
- vendor/debian
- product/debian linux
- canonical/debian debian linux
- vendor/gentoo
- product/linux
- canonical/gentoo linux
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/ubuntu
- package-manager/debian
- version/imagemagick imagemagick/5.3.3
- version/imagemagick imagemagick/5.4.3
- version/imagemagick imagemagick/5.4.4.5
- version/imagemagick imagemagick/5.4.7
- version/imagemagick imagemagick/5.4.8
- version/imagemagick imagemagick/5.4.8.2.1.1.0
- version/imagemagick imagemagick/5.5.3.2.1.2.0
- version/imagemagick imagemagick/5.5.6.0_2003-04-09
- version/imagemagick imagemagick/5.5.7
- version/imagemagick imagemagick/6.0
- version/imagemagick imagemagick/6.0.1
- version/imagemagick imagemagick/6.0.3
- version/imagemagick imagemagick/6.0.4
- version/imagemagick imagemagick/6.0.5
- version/imagemagick imagemagick/6.0.6
- version/imagemagick imagemagick/6.0.7
- version/imagemagick imagemagick/6.0.8
- canonical/debian gnu/linux
- version/debian gnu/linux/3.0
- canonical/suse linux
- version/suse linux/8.0
- version/suse linux/8.1
- version/suse linux/8.2
- version/suse linux/9.0
- version/suse linux/9.1
- version/suse linux/9.2