CVE-2006-2440 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Imagemagick

9 documents6 sources

Severity

7.5HIGHNVD

EPSS

1.8%

top 17.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedMay 18

Latest updateMay 3

Description

Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/imagemagick< imagemagick 6:6.2.4.5-0.6 (bookworm)

▶Debianimagemagick/imagemagick< 6:6.2.4.5-0.6+3

▶NVDimagemagick/imagemagick6.0.6.2, 6.2.4+1

Patches

Patch: bugs.debian.org ↗Patch: bugs.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-g4fx-7rrq-8736: Heap-based buffer overflow in the libMagick component of ImageMagick 6↗2022-05-03

▶

OSV

CVE-2006-2440: Heap-based buffer overflow in the libMagick component of ImageMagick 6↗2006-05-18

▶

📋Vendor Advisories

Red Hat

security flaw↗2006-01-02

▶

Debian

CVE-2006-2440: imagemagick - Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 mig...↗2006

▶

💬Community

Bugzilla

CVE-2006-2440 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-2440 ImageMagick heap overflow↗2006-05-18

▶

Bugzilla

CVE-2006-2440 ImageMagick heap overflow↗2006-05-18

▶

Bugzilla

CVE-2006-0082 ImageMagick format string vulnerability. Also CVE-2005-4601, CVE-2006-2440, CVE-2006-3743, CVE-2006-3744, CVE-2006-4144.↗2006-01-04

▶