Updates/ImageMagick-6.2.2.0-3.fc4.2
From FarsiWeb
Security imact: Low
The package ImageMagick is An X application for displaying and manipulating images.
This update fixes Common Vulnerabilities and Exposures issue CVE 2006-2440:
- Heap-based buffer overflow in the libMagick componet of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the
ExpandFilenamesfunction.
ImageMagick's DisplayImageCommand contained a heap overflow flaw. It is possible to pass an unexpanded glob to ImageMagick which will be expanded by ImageMagick and overflow heap memory.
This update includes patches that fix the above-mentioned possible overflow.
