Secunia
| Rad_Reg | ImageMagick 6.x Vulnerability SA48679 |
|---|---|
14th May, 2012 23:17
Ranking: 0 Posts: 3 User Since: 14th May, 2012 System Score: N/A Location: US

Want to start off by saying I love Secunia PSI... It keeps me on the leading edge of avoiding software vulnerabilities. That being said, I am having an issue with what I believe is a false positive on an ImageMagick 6.x vulnerability as outlined in SA48679. During a scan, I receive vulnerabilities on my Tversity Media Server and on an Adobe After Effects Mocha plugin. The install file from Secunia did not appear to have the latest version, nor the dll file outlined in the "Zombie installations". So I installed the latest version of ImageMagick 6.7.6-9-Q16 with the C++ files (dll files used in "zombie installations") from the author's website. I then copied over the Core_RL_Magick.dll file from the new installation and overwrote the older 6.7.6-4 files that were included in the 3rd party software packages to ensure I wasn't vulnerable in those software locations.

However, now when I scan, I still get the same vulnerability highlighting these files, and it still flags the above dll file along with the actual ImageMagick installation that I had to download in order to get the Core_RL_Magick.dll file referenced above. I believe the issue is that it recognizes the latest ImageMagick 6.x file version as 6.7.6-Q16 rather than 6.7.6-9-Q16 as outlined on the author's site. I believe that this is still falsely flagging the vulnerability even with the latest version.

Can someone please ensure that the database is updated so that if the latest version is utilized the vulnerability is not still shown? I would believe a 6.7.6-9-X would have the security fixes flagged as being fixed in 6.7.5+...

Thanks,
Reggie

| jongreen | RE: ImageMagick 6.x Vulnerability SA48679 |
14th May, 2012 23:43
Score: 0 Posts: 2 User Since: 22nd Dec 2007 System Score: N/A Location: N/A

PSI also identifies CORE_RL_magick_.dll (part of Calibre2) as part of ImageMagick. The link to ImageMagick dl's the incorrect version and does nothing to correct the Calibre problem.

| Maurice Joyce | RE: ImageMagick 6.x Vulnerability SA48679 |
15th May, 2012 00:17
Score: 10510 Posts: 8,072 User Since: 4th Jan 2009 System Score: 100% Location: UK Last edited on 15th May, 2012 14:44

See this thread for more information.
http://secunia.com/community/forum/thread/show/126...
My email to Support includes this thread for them to comment on.

EDIT
By clicking on my link above U will note Secunia have responded. Can U please confirm your problem is fixed?

--
Maurice
Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM

| jongreen | RE: ImageMagick 6.x Vulnerability SA48679 |
15th May, 2012 18:38
Score: 0 Posts: 2 User Since: 22nd Dec 2007 System Score: N/A Location: N/A

Problem solved. Thanks.

| Rad_Reg | RE: ImageMagick 6.x Vulnerability SA48679 |
16th May, 2012 05:20
Score: 0 Posts: 3 User Since: 14th May 2012 System Score: N/A Location: US

I am still receiving the error with the 6.7.6-9-Q16 version of the files.

| Maurice Joyce | RE: ImageMagick 6.x Vulnerability SA48679 |
16th May, 2012 09:08
Score: 10510 Posts: 8,072 User Since: 4th Jan 2009 System Score: 100% Location: UK

There could still be issues with the files as explained here:

22nd Mar, 2012 14:56
Score: 25 Posts: 37 User Since: 12th May 2011 System Score: N/A Location: Copenhagen, DK

Hi,

There is an issue in this software. The issue is, that the vendor is providing the same version information in both version 6.7.6-0 and 6.7.6-1. The vendor is not updating the "-x" number, which means that every version of the 6.7.6 branch has the same version information.

We have looked at all the .exe files for the software as well as all the .dll files, and are trying to figure out a way of taking care of this issue, but most likely, we will not be able to solve this until the vendor starts giving the whole version number in the file information for the software files.

Hope you understand.

--
Kind regards,
Munib Rehman
Secunia PSI Support
Secunia PSI http://secunia.com/vulnerability_scanning/personal...

Try suggesting the programme.

1. From the DASHBOARD page click on RESULTS.
2. On the RESULTS page look above the tab INSTALL SOLUTION & U will see a green icon & ARE YOU MISSING A PROGRAM?
3. Click it. Fill out the details requested.
4. Click SUGGEST SOFTWARE.

--
Maurice
Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM

| mrmikel | RE: ImageMagick 6.x Vulnerability SA48679 |
16th May, 2012 13:52
Score: 8 Posts: 5 User Since: 15th Apr 2011 System Score: N/A Location: US

In so far as it concerns Calibre, the developer is updating to the latest version of Image Magick for the Windows version, and it will be released this Friday, on Calibre's usual update schedule.

| Rad_Reg | RE: ImageMagick 6.x Vulnerability SA48679 |
17th May, 2012 00:47
Score: 0 Posts: 3 User Since: 14th May 2012 System Score: N/A Location: US

Can a checksum be used instead of a versioning scheme? This can't be the only program you receive an issue on...

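The checksum idea raised in the post above, sketched as an added example that is not part of the thread and not Secunia's code: file metadata that reports only the 6.7.6 branch cannot separate builds, while a SHA-256 lookup can. The file contents, the hash catalogue and the `FIRST_FIXED` build are constructed assumptions, not values from SA48679.

```python
import hashlib

# Constructed stand-ins for two Core_RL_Magick.dll builds; a real scanner
# would read the file bytes from disk.
BUILDS = {
    "6.7.6-4": b"constructed contents of build 6.7.6-4",
    "6.7.6-9": b"constructed contents of build 6.7.6-9",
}
# Assumption for illustration only: the first build carrying the fix.
FIRST_FIXED = "6.7.6-5"


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Hypothetical catalogue a scanner vendor would maintain: digest -> full build.
KNOWN = {digest(data): build for build, data in BUILDS.items()}


def parse(build: str) -> tuple:
    """'6.7.6-9' -> (6, 7, 6, 9); '6.7.6' -> (6, 7, 6)."""
    return tuple(int(p) for p in build.replace("-", ".").split("."))


def by_version(file_version: str, first_fixed: str = FIRST_FIXED) -> str:
    """Classify from file metadata that lacks the '-x' suffix."""
    branch, fixed = parse(file_version)[:3], parse(first_fixed)
    if branch != fixed[:3]:
        return "patched" if branch > fixed[:3] else "vulnerable"
    # Same branch: only a fix in '-0' lets the branch alone decide.
    return "patched" if fixed[3] == 0 else "ambiguous"


def by_hash(data: bytes, first_fixed: str = FIRST_FIXED) -> str:
    """Classify by looking the file's SHA-256 up in the catalogue."""
    build = KNOWN.get(digest(data))
    if build is None:
        return "unknown"  # rebuilt or uncatalogued file: the hash says nothing
    return "patched" if parse(build) >= parse(first_fixed) else "vulnerable"


def scan(file_version: str, data: bytes) -> str:
    """Use the version string when it decides, otherwise fall back to the hash."""
    verdict = by_version(file_version)
    return by_hash(data) if verdict == "ambiguous" else verdict
```

A hash lookup only recognises files already in the catalogue, so a DLL rebuilt or repackaged by a third-party application comes back as `unknown` rather than patched or vulnerable.
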
| Oldbridge1 | RE: ImageMagick 6.x Vulnerability SA48679 |
17th May, 2012 01:47
Score: 0 Posts: 2 User Since: 16th May 2012 System Score: N/A Location: US

Still getting the error despite having downloaded the 64 bit latest version.