CVE-2006-4144 Affecting imagemagick package, versions <7:6.2.4.5.dfsg1-0.10
- Snyk ID SNYK-DEBIAN11-IMAGEMAGICK-529839
- published 15 Aug 2006
- disclosed 15 Aug 2006
Introduced: 15 Aug 2006
CVE-2006-4144
How to fix?
Upgrade Debian:11 imagemagick to version 7:6.2.4.5.dfsg1-0.10 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.
Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.