Published: 15/08/2006 Updated: 17/10/2018

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 265

Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick prior to 6.2.9 allows user-assisted malicious users to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
imagemagick imagemagick 6.0.2.5
imagemagick imagemagick 6.0.3
imagemagick imagemagick 6.1.1.6
imagemagick imagemagick 6.1.2
imagemagick imagemagick 6.2
imagemagick imagemagick 6.2.0.4
imagemagick imagemagick 6.2.7
imagemagick imagemagick 6.2.8
imagemagick imagemagick 6.0.1
imagemagick imagemagick 6.0.2
imagemagick imagemagick 6.0.8
imagemagick imagemagick 6.1
imagemagick imagemagick 6.1.7
imagemagick imagemagick 6.1.8
imagemagick imagemagick 6.2.5
imagemagick imagemagick 6.2.6
imagemagick imagemagick 6.0.6
imagemagick imagemagick 6.0.7
imagemagick imagemagick 6.1.5
imagemagick imagemagick 6.1.6
imagemagick imagemagick 6.2.2
imagemagick imagemagick 6.2.4
imagemagick imagemagick 6.2.4.5
imagemagick imagemagick 6.0.4
imagemagick imagemagick 6.0.5
imagemagick imagemagick 6.1.3
imagemagick imagemagick 6.1.4
imagemagick imagemagick 6.2.0.7
imagemagick imagemagick 6.2.1

Damian Put discovered a buffer overflow in imagemagick’s SGI file format decoder By tricking an user or automated system into processing a specially crafted SGI image, this could be exploited to execute arbitrary code with the user’s privileges ...

Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation programs, which may lead to the execution of arbitrary code The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-0082 Daniel Kobras discovered that Imagemagick is vulnerable to format string attack ...

Debian Bug report logs - #385062 CVE-2006-3743/-3744: ImageMagick XCF and Sun Rasterfile Buffer Overflows Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Stefan Fritsch &l ...

Debian Bug report logs - #345595 libmagick: array index overflow in DisplayImageCommand Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Eero Häkkinen <eero17@bigfootc ...

Debian Bug report logs - #383314 libmagick9: Buffer overflow in SGI parser [CVE-2006-4144] Package: libmagick9; Maintainer for libmagick9 is (unknown); Reported by: Martin Pitt <martinpitt@ubuntucom> Date: Wed, 16 Aug 2006 14:48:06 UTC Severity: grave Tags: fixed, patch, security Found in versions 6245dfsg1-09, 6:6 ...

Debian Bug report logs - #345238 [CVE-2005-4601] Shell command injection in delegate code (via file names) Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Florian Weimer & ...

Debian Bug report logs - #393025 Buffer overflows in imagemagick Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Stefan Fritsch <sf@sfritschde> Date: Sat, 14 Oct ...

Debian Bug report logs - #345876 [CVE-2006-0082] imagemagick: New format string vulnerability in SetImageInfo() Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Daniel Kob ...

Debian Bug report logs - #410435 imagemagick: Buffer overflow vulnerability in PALM coder (CVE-2007-0770) Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Daniel Kobras &l ...

source: wwwsecurityfocuscom/bid/19507/info ImageMagick is prone to a remote heap buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer This issue allows attackers to execute arbitrary machine code in the context of applications ...

Get Started

CVE-2006-4144

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect