CVE-2005-0397

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.0.2.5

Description A format string issue in the SetImageInfo function in image.c may allow remote attackers to cause an application crash and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.

Recommendations For versions prior to 6.0.2.5, update to version 6.0.2.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the convert function with untrusted input until a patch is applied. Avoid using the convert function with filenames that contain format string specifiers.