Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.1
CVSSv2

CVE-2006-5456

Published: 23/10/2006 Updated: 17/10/2018
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 454
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Subscribe to Graphicsmagick

Vulnerability Summary

Multiple buffer overflows in GraphicsMagick prior to 1.1.7 and ImageMagick 6.0.7 allow user-assisted malicious users to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.

Vulnerable Product Search on Vulmon Subscribe to Product

graphicsmagick graphicsmagick 1.1.4

graphicsmagick graphicsmagick 1.1.5

graphicsmagick graphicsmagick 1.1

graphicsmagick graphicsmagick 1.1.3

graphicsmagick graphicsmagick 1.0

graphicsmagick graphicsmagick 1.0.6

imagemagick imagemagick 6.0.7

graphicsmagick graphicsmagick

Vendor Advisories

Ubuntu Security Notice: imagemagick vulnerability
M Joonas Pihlaja discovered that ImageMagick did not sufficiently verify the validity of PALM and DCM images When processing a specially crafted image with an application that uses imagemagick, this could be exploited to execute arbitrary code with the application’s privileges ...
Ubuntu Security Notice: imagemagick vulnerabilities
Vladimir Nadvornik discovered that the fix for CVE-2006-5456, released in USN-372-1, did not correctly solve the original flaw in PALM image handling By tricking a user into processing a specially crafted image with an application that uses imagemagick, an attacker could execute arbitrary code with the user’s privileges ...
Debian Security Advisories: DSA-1260-1 imagemagick -- buffer overflow
Vladimir Nadvornik discovered that the fix for a vulnerability in the PALM decoder of Imagemagick, a collection of image manipulation programs, was ineffective To avoid confusion a new CVE ID has been assigned; the original issue was tracked as CVE-2006-5456 For the stable distribution (sarge) this problem has been fixed in version 6:6062-29 ...
Debian Security Advisories: DSA-1213-1 imagemagick -- several vulnerabilities
Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation programs, which may lead to the execution of arbitrary code The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-0082 Daniel Kobras discovered that Imagemagick is vulnerable to format string attack ...
Debian CVElist Bug Report Logs: CVE-2006-3743/-3744: ImageMagick XCF and Sun Rasterfile Buffer Overflows
Debian Bug report logs - #385062 CVE-2006-3743/-3744: ImageMagick XCF and Sun Rasterfile Buffer Overflows Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Stefan Fritsch &l ...
Debian CVElist Bug Report Logs: libmagick: array index overflow in DisplayImageCommand
Debian Bug report logs - #345595 libmagick: array index overflow in DisplayImageCommand Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Eero Häkkinen <eero17@bigfootc ...
Debian CVElist Bug Report Logs: libmagick9: Buffer overflow in SGI parser [CVE-2006-4144]
Debian Bug report logs - #383314 libmagick9: Buffer overflow in SGI parser [CVE-2006-4144] Package: libmagick9; Maintainer for libmagick9 is (unknown); Reported by: Martin Pitt <martinpitt@ubuntucom> Date: Wed, 16 Aug 2006 14:48:06 UTC Severity: grave Tags: fixed, patch, security Found in versions 6245dfsg1-09, 6:6 ...
Debian CVElist Bug Report Logs: [CVE-2005-4601] Shell command injection in delegate code (via file names)
Debian Bug report logs - #345238 [CVE-2005-4601] Shell command injection in delegate code (via file names) Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Florian Weimer & ...
Debian CVElist Bug Report Logs: Buffer overflows in imagemagick
Debian Bug report logs - #393025 Buffer overflows in imagemagick Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Stefan Fritsch <sf@sfritschde> Date: Sat, 14 Oct ...
Debian CVElist Bug Report Logs: [CVE-2006-0082] imagemagick: New format string vulnerability in SetImageInfo().
Debian Bug report logs - #345876 [CVE-2006-0082] imagemagick: New format string vulnerability in SetImageInfo() Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Daniel Kob ...
Debian CVElist Bug Report Logs: imagemagick: Buffer overflow vulnerability in PALM coder. (CVE-2007-0770)
Debian Bug report logs - #410435 imagemagick: Buffer overflow vulnerability in PALM coder (CVE-2007-0770) Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Daniel Kobras &l ...

References

CWE-119https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210921http://packages.debian.org/changelogs/pool/main/g/graphicsmagick/graphicsmagick_1.1.7-9/changelog#versionversion1.1.7-9http://www.securityfocus.com/bid/20707http://secunia.com/advisories/22569http://secunia.com/advisories/22572http://secunia.com/advisories/22604http://www.ubuntu.com/usn/usn-372-1http://secunia.com/advisories/22601http://security.gentoo.org/glsa/glsa-200611-07.xmlhttp://secunia.com/advisories/22819http://www.novell.com/linux/security/advisories/2006_66_imagemagick.htmlhttp://secunia.com/advisories/22834http://www.debian.org/security/2006/dsa-1213http://secunia.com/advisories/22998http://security.gentoo.org/glsa/glsa-200611-19.xmlhttp://secunia.com/advisories/23121https://issues.rpath.com/browse/RPL-811http://secunia.com/advisories/23090https://issues.rpath.com/browse/RPL-1034http://www.redhat.com/support/errata/RHSA-2007-0015.htmlhttp://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.352092http://www.novell.com/linux/security/advisories/2007_3_sr.htmlhttp://www.ubuntu.com/usn/usn-422-1http://www.osvdb.org/29990http://secunia.com/advisories/24186http://secunia.com/advisories/24196http://secunia.com/advisories/24458http://www.mandriva.com/security/advisories?name=MDKSA-2006:193http://www.mandriva.com/security/advisories?name=MDKSA-2007:041ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.aschttp://secunia.com/advisories/24284http://www.vupen.com/english/advisories/2006/4171http://www.vupen.com/english/advisories/2006/4170https://exchange.xforce.ibmcloud.com/vulnerabilities/29816https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9765http://www.securityfocus.com/archive/1/459507/100/0/threadedhttp://www.securityfocus.com/archive/1/452718/100/100/threadedhttps://nvd.nist.govhttps://usn.ubuntu.com/372-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook