CVE-2006-4144
Date: (C)2006-08-15   (M)2023-12-22


Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 2.6
Exploit Score: 4.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1016699
SREASON-1385
BID-19507
http://www.securityfocus.com/archive/1/archive/1/443208/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/443362/100/0/threaded
20060901-01-P
SECUNIA-21462
SECUNIA-21525
SECUNIA-21621
SECUNIA-21671
SECUNIA-21679
SECUNIA-21832
SECUNIA-22036
SECUNIA-22096
SECUNIA-22998
DSA-1213
GLSA-200609-14
MDKSA-2006:155
RHSA-2006:0633
SUSE-SA:2006:050
USN-337-1
http://www.overflow.pl/adv/imsgiheap.txt
https://issues.rpath.com/browse/RPL-605
imagemagick-readsgiimage-bo(28372)

CPE    29
cpe:/a:imagemagick:imagemagick:6.1.1.6
cpe:/a:imagemagick:imagemagick:6.0.2.5
cpe:/a:imagemagick:imagemagick:6.1
cpe:/a:imagemagick:imagemagick:6.2
...

© SecPod Technologies