CVE-2005-0005
NONE EPSS 90.1%
Published May 2, 2005
Last Modified Jun 16, 2026
Description
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
Threat Intelligence
EPSS Exploit Probability
90.1% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Affected Products 57
| Vendor | Product | Version | Range |
|---|---|---|---|
| graphicsmagick | graphicsmagick | 1.0 | any |
| graphicsmagick | graphicsmagick | 1.0.6 | any |
| graphicsmagick | graphicsmagick | 1.1 | any |
| graphicsmagick | graphicsmagick | 1.1.3 | any |
| graphicsmagick | graphicsmagick | 1.1.4 | any |
| imagemagick | imagemagick | 5.3.3 | any |
| imagemagick | imagemagick | 5.4.3 | any |
| imagemagick | imagemagick | 5.4.7 | any |
| imagemagick | imagemagick | 6.0 | any |
| imagemagick | imagemagick | 6.0.1 | any |
| imagemagick | imagemagick | 6.0.2 | any |
| imagemagick | imagemagick | 6.0.2.5 | any |
| imagemagick | imagemagick | 6.0.3 | any |
| imagemagick | imagemagick | 6.0.4 | any |
| imagemagick | imagemagick | 6.0.5 | any |
| imagemagick | imagemagick | 6.0.6 | any |
| imagemagick | imagemagick | 6.0.7 | any |
| imagemagick | imagemagick | 6.0.8 | any |
| imagemagick | imagemagick | 6.1 | any |
| imagemagick | imagemagick | 6.1.1.6 | any |
| imagemagick | imagemagick | 6.1.2 | any |
| imagemagick | imagemagick | 6.1.3 | any |
| imagemagick | imagemagick | 6.1.4 | any |
| imagemagick | imagemagick | 6.1.5 | any |
| imagemagick | imagemagick | 6.1.6 | any |
| imagemagick | imagemagick | 6.1.7 | any |
| imagemagick | imagemagick | 6.2 | any |
| imagemagick | imagemagick | 6.2.0.4 | any |
| imagemagick | imagemagick | 6.2.0.7 | any |
| sgi | propack | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| gentoo | linux | 0.5 | any |
| gentoo | linux | 0.7 | any |
| gentoo | linux | 1.1a | any |
| gentoo | linux | 1.2 | any |
| gentoo | linux | 1.4 | any |
| gentoo | linux | 1.4 | any |
| gentoo | linux | 1.4 | any |
| gentoo | linux | 1.4 | any |
| suse | suse_linux | 8.0 | any |
| suse | suse_linux | 8.0 | any |
| suse | suse_linux | 8.1 | any |
| suse | suse_linux | 8.2 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.1 | any |
| suse | suse_linux | 9.2 | any |
References 7
- marc.info http://marc.info/?l=bugtraq&m=110608222117215&w=2
- debian.org http://www.debian.org/security/2005/dsa-646
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200501-37.xml
- idefense.com http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-070.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-071.html
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9925
Remediation
- debian.org http://www.debian.org/security/2005/dsa-646
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-071.html