CVE-2005-0397

Publication date 2 May 2005

Last updated 17 July 2025

Ubuntu priority

Description

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
graphicsmagick	7.04 feisty	Fixed 1.1.7-8
	6.10 edgy	Fixed 1.1.7-8
	6.06 LTS dapper	Not in release
imagemagick	7.04 feisty	Fixed 6.2.4.5.dfsg1-0.14ubuntu0.1
	6.10 edgy	Fixed 6.2.4.5.dfsg1-0.10ubuntu0.3
	6.06 LTS dapper	Fixed 6.2.4.5-0.6ubuntu0.6

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-90-1
Imagemagick vulnerability
3 March 2005

Other references

https://www.cve.org/CVERecord?id=CVE-2005-0397