CVE-2005-0005
Published: 2005-05-02
CVE-2005-0005: Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD…
Priority: P434 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 4.38% (90.1th percentile)
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
Affected
47 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | imagemagick | < imagemagick 6:6.0.6.2-2.1 (bookworm) | imagemagick 6:6.0.6.2-2.1 (bookworm) |
| gentoo | linux | — | — |
| gentoo | linux | — | — |
| gentoo | linux | — | — |
| gentoo | linux | — | — |
| gentoo | linux | — | — |
| graphicsmagick | graphicsmagick | — | — |
| graphicsmagick | graphicsmagick | — | — |
| graphicsmagick | graphicsmagick | — | — |
| graphicsmagick | graphicsmagick | — | — |
| graphicsmagick | graphicsmagick | — | — |
| imagemagick | imagemagick | — | — |
| imagemagick | imagemagick | — | — |
| imagemagick | imagemagick | — | — |
| imagemagick | imagemagick | — | — |
| imagemagick | imagemagick | — | — |
| imagemagick | imagemagick | — | — |
| imagemagick | imagemagick | — | — |
| imagemagick | imagemagick | — | — |
| imagemagick | imagemagick | — | — |
| imagemagick | imagemagick | — | — |
| imagemagick | imagemagick | — | — |
| imagemagick | imagemagick | — | — |
| imagemagick | imagemagick | — | — |
CVSS provenance
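| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |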
GHSA
GHSA-q7qj-9xh3-f579: Heap-based buffer overflow in psd
ghsa_unreviewed·2022-05-01
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
OSV
CVE-2005-0005: Heap-based buffer overflow in psd
osv·2005-05-02·CVSS 7.5
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
Ubuntu
imagemagick vulnerability
vendor_ubuntu·2005-01-19
Andrei Nigmatulin discovered a potential buffer overflow in the PhotoShop Document image decoding function of ImageMagick. Decoding a malicious PSD image which specifies more than the allowed 24 channels might result in execution of arbitrary code with the user's privileges.

Since ImageMagick can be used in custom printing systems, this also might lead to privilege escalation (execute code with the printer spooler's privileges). However, Ubuntu's standard printing system does not use ImageMagick, thus there is no risk of privilege escalation in a standard installation.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2005-01-17·CVSS 7.5
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
Debian
CVE-2005-0005: imagemagick - Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly e...
vendor_debian·2005·CVSS 7.5
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
Scope: local
bookworm: resolved (fixed in 6:6.0.6.2-2.1)
bullseye: resolved (fixed in 6:6.0.6.2-2.1)
forky: resolved (fixed in 6:6.0.6.2-2.1)
sid: resolved (fixed in 6:6.0.6.2-2.1)
trixie: resolved (fixed in 6:6.0.6.2-2.1)
Suricata
GPL IMAP login buffer overflow attempt
suricata·2010-09-23
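CVE-1999-0005 GPL IMAP login buffer overflow attempt. This rule matches oversized IMAP LOGIN commands on TCP port 143 and references CVE-1999-0005, not CVE-2005-0005; it does not detect the PSD overflow described on this page.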
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"GPL IMAP login buffer overflow attempt"; flow:established,to_server; content:"LOGIN"; isdataat:100,relative; pcre:"/\sLOGIN\s[^\n]{100}/smi"; reference:bugtraq,13727; reference:bugtraq,502; reference:cve,1999-0005; reference:cve,1999-1557; reference:cve,2005-1255; reference:nessus,10123; reference:cve,2007-2795; reference:nessus,10125; classtype:attempted-user; sid:2101842; rev:16; metadata:created_at 2010_09_23, cve CVE_1999_0005, confidence High, signature_severity Major, updated_at 2019_07_26;)
No public exploits indexed.
References
http://marc.info/?l=bugtraq&m=110608222117215&w=2
http://www.debian.org/security/2005/dsa-646
http://www.gentoo.org/security/en/glsa/glsa-200501-37.xml
http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities
http://www.redhat.com/support/errata/RHSA-2005-070.html
http://www.redhat.com/support/errata/RHSA-2005-071.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9925
Published: 2005-05-02