Forum Thread: ImageMagic 6.x 'solution' not applicable to Calibre DLL

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
ImageMagick Studio LLC
And, this specific program:
ImageMagick 6.x

This thread has been marked as resolved.
ott-group ImageMagic 6.x 'solution' not applicable to Calibre DLL
Member 14th May, 2012 17:03
Ranking: 1
Posts: 19
User Since: 2nd Sep, 2010
System Score: N/A
Location: UK

Program Name:
ImageMagick 6.x

Security State:
Insecure

Download Link:
http://dl.secunia.com/SPS/ImageMagick_6.7.6-5.exe

Instances Found:
C:\Program Files (x86)\Calibre2\DLLs\CORE_RL_magick_.dll, version: 6.6.6

Last System Scan (localtime):
14. May 2012, 15:09

Operating System:
Microsoft Windows 7, Microsoft Windows 7

END

PSI identifies vulnerability in above DLL but 'solution' simply installs a standalone version of ImageMagic that does not even contain a DLL that could potentially replace the Calibre one.

Downloaded the latest version of Calibre and the 'vulnerable' DLL is unchanged.

Regards to All,

Chris


Post "RE: ImageMagic 6.x 'solution' not applicable to Calibre DLL" has been selected as an answer.
Maurice Joyce RE: ImageMagic 6.x 'solution' not applicable to Calibre DLL
Handling Contributor 14th May, 2012 17:43
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Chris,
That looks like another false positive. I have been dealing with a few of these with Secunia Support over the last few weeks.

Would U like me to contact support for U if they do not respond by "close of play" today? - if not U can do it yourself by emailing support@secunia.com

After they have investigated (& if necessary adjusted their database) a simple rescan normally solves the issue. Example here:

http://secunia.com/community/forum/thread/show/126...


--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+1
-0
ott-group RE: ImageMagic 6.x 'solution' not applicable to Calibre DLL
Member 14th May, 2012 19:32
Score: 1
Posts: 19
User Since: 2nd Sep 2010
System Score: N/A
Location: UK
on 14th May, 2012 17:43, Maurice Joyce wrote:
Chris,
That looks like another false positive. I have been dealing with a few of these with Secunia Support over the last few weeks.

Would U like me to contact support for U if they do not respond by "close of play" today? - if not U can do it yourself by emailing support@secunia.com

After they have investigated (& if necessary adjusted their database) a simple rescan normally solves the issue. Example here:

http://secunia.com/community/forum/thread/show/126...


Maurice, hadn't thought of it as a false positive. I should have added that the Calibre DLL *is* an ImageMagick product according to its properties. Its description is "ImageMagick Studio library and utility programs". It *may* well be vulnerable but also *may* need to be updated as part of a Calibre update package. If you still suspect it to be a false positive I would be interested to hear. I haven't raised the issue with Calibre yet as it requires me to create an account on a bug tracking system but I was going to do that later tonight.

Having said all that you are of course welcome to submit to Secunia if they haven't responded. One less thing fro me to remember to do! Thanks for the response. Much appreciated.

Best Regards, Chris

Was this reply relevant?
+0
-0
Maurice Joyce RE: ImageMagic 6.x 'solution' not applicable to Calibre DLL
Handling Contributor 15th May, 2012 00:18
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Email sent - hopefully they will respond tomorrow.

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+1
-0
This user no longer exists RE: ImageMagic 6.x 'solution' not applicable to Calibre DLL
Member 15th May, 2012 09:02
Hi,

We recently made a correction to our rules to prevent ImageMagick f'alse positives.

If you run a full rescan, does the problem still occur?
Was this reply relevant?
+0
-0
ott-group RE: ImageMagic 6.x 'solution' not applicable to Calibre DLL
Member 15th May, 2012 13:46
Score: 1
Posts: 19
User Since: 2nd Sep 2010
System Score: N/A
Location: UK
on 15th May, 2012 09:02, wrote:
Hi,

We recently made a correction to our rules to prevent ImageMagick f'alse positives.

If you run a full rescan, does the problem still occur?


False positive cleared. Thanks.

Regards,

Chris
Was this reply relevant?
+0
-0
ott-group RE: ImageMagic 6.x 'solution' not applicable to Calibre DLL
Member 15th May, 2012 13:49
Score: 1
Posts: 19
User Since: 2nd Sep 2010
System Score: N/A
Location: UK
on 15th May, 2012 00:18, Maurice Joyce wrote:
Email sent - hopefully they will respond tomorrow.


They have indeed. Many thanks!

Regards,

Chris
Was this reply relevant?
+0
-0
Maurice Joyce RE: ImageMagic 6.x 'solution' not applicable to Calibre DLL
Handling Contributor 15th May, 2012 14:42
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK

Chris.
Pleased to see U are all fixed up.

On that basis, I will lock this thread for U sometime tomorrow unless U post back asking for it to be left open.

This will protect your mail box from possible update emails from "tag on" posts

You can of course lock threads U have created. Just click the ACCEPT button in the post of the helper who offered U the best solution/advice to solve your problem.

Secunia Support can always reopen threads by applying by email to: support@secunia.com





--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+2
-0

This thread has been marked as locked.