Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.1
CVSSv2

CVE-2006-3744

Published: 25/08/2006 Updated: 11/10/2017
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 454
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Subscribe to Imagemagick

Vulnerability Summary

Multiple integer overflows in ImageMagick prior to 6.2.9 allows user-assisted malicious users to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows.

Vulnerable Product Search on Vulmon Subscribe to Product

imagemagick imagemagick 6.2.1

imagemagick imagemagick 6.2.0.7

imagemagick imagemagick 6.2.0.8

imagemagick imagemagick 6.2.4

imagemagick imagemagick 6.2.4.5

imagemagick imagemagick 6.2.2

imagemagick imagemagick 6.2.2.5

imagemagick imagemagick 6.2.7

imagemagick imagemagick

imagemagick imagemagick 6.2.1.7

imagemagick imagemagick 6.2.5

imagemagick imagemagick 6.2.6

imagemagick imagemagick 6.2

imagemagick imagemagick 6.2.0.4

imagemagick imagemagick 6.2.3

imagemagick imagemagick 6.2.3.6

Vendor Advisories

Ubuntu Security Notice: imagemagick vulnerabilities
Tavis Ormandy discovered several buffer overflows in imagemagick’s Sun Raster and XCF (Gimp) image decoders By tricking a user or automated system into processing a specially crafted image, this could be exploited to execute arbitrary code with the users’ privileges ...
Debian CVElist Bug Report Logs: CVE-2006-3743/-3744: ImageMagick XCF and Sun Rasterfile Buffer Overflows
Debian Bug report logs - #385062 CVE-2006-3743/-3744: ImageMagick XCF and Sun Rasterfile Buffer Overflows Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Stefan Fritsch &l ...
Debian Security Advisories: DSA-1168-1 imagemagick -- several vulnerabilities
Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation tools, which may lead to the execution of arbitrary code The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-2440 Eero Häkkinen discovered that the display tool allocates insufficient memory for ...

References

CWE-189http://bugs.gentoo.org/show_bug.cgi?id=144854http://www.redhat.com/support/errata/RHSA-2006-0633.htmlhttp://secunia.com/advisories/21615http://www.debian.org/security/2006/dsa-1168http://www.ubuntu.com/usn/usn-340-1http://www.securityfocus.com/bid/19699http://secunia.com/advisories/21679http://secunia.com/advisories/21719http://secunia.com/advisories/21780https://issues.rpath.com/browse/RPL-605http://www.novell.com/linux/security/advisories/2006_50_imagemagick.htmlhttp://www.osvdb.org/28204http://securitytracker.com/id?1016749http://secunia.com/advisories/21671http://secunia.com/advisories/21832http://secunia.com/advisories/21621ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.aschttp://secunia.com/advisories/22036http://security.gentoo.org/glsa/glsa-200609-14.xmlhttp://secunia.com/advisories/22096http://www.mandriva.com/security/advisories?name=MDKSA-2006:155http://www.vupen.com/english/advisories/2006/3375https://exchange.xforce.ibmcloud.com/vulnerabilities/28574https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11486https://usn.ubuntu.com/340-1/https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002CVE-2006-4304CVE-2024-4336CVE-2024-33437CVE-2024-4340CVE-2024-27956privilegeinsecure direct object referenceXSSitem search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook