CVE-2006-3744 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Imagemagick

CWE-1899 documents7 sources

Severity

5.1MEDIUMNVD

EPSS

2.1%

top 16.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphicsmagick Imagemagick Debian Graphicsmagick +1 more

Timeline

PublishedAug 25

Latest updateMay 3

Description

Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages5 packages

▶debiandebian/imagemagick< graphicsmagick 1.1.7-7 (bookworm)

▶Debianimagemagick/imagemagick< 7:6.2.4.5.dfsg1-0.10+3

▶NVDimagemagick/imagemagick6.2.8+15

▶debiandebian/graphicsmagick< graphicsmagick 1.1.7-7 (bookworm)

▶Debiangraphicsmagick/graphicsmagick< 1.1.7-7+3

Patches

Patch: bugs.gentoo.org ↗Patch: secunia.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-9963-xc26-4vg3: Multiple integer overflows in ImageMagick before 6↗2022-05-03

▶

OSV

CVE-2006-3744: Multiple integer overflows in ImageMagick before 6↗2006-08-25

▶

📋Vendor Advisories

Ubuntu

imagemagick vulnerabilities↗2006-09-06

▶

Red Hat

security flaw↗2006-08-22

▶

Debian

CVE-2006-3744: graphicsmagick - Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted atta...↗2006

▶

💬Community

Bugzilla

CVE-2006-3744 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-3743 ImageMagick multiple security issues (CVE-2006-3744)↗2006-08-11

▶

Bugzilla

CVE-2006-0082 ImageMagick format string vulnerability. Also CVE-2005-4601, CVE-2006-2440, CVE-2006-3743, CVE-2006-3744, CVE-2006-4144.↗2006-01-04

▶