<p>Upgrade <code>Debian:11</code> <code>imagemagick</code> to version 6:6.2.4.5-0.6 or higher.</p>

Use of Externally-Controlled Format String Affecting imagemagick package, versions <6:6.2.4.5-0.6

Snyk CVSS

Attack Complexity High

Threat Intelligence

EPSS 1.74% (88^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DEBIAN11-IMAGEMAGICK-526422
published 4 Jan 2006
disclosed 4 Jan 2006

Report a new vulnerability Found a mistake?

Introduced: 4 Jan 2006

CVE-2006-0082 Open this link in a new tab CWE-134 Open this link in a new tab

How to fix?

Upgrade Debian:11 imagemagick to version 6:6.2.4.5-0.6 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.