Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4144 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Imagemagick

9 documents8 sources

Severity

2.6LOWNVD

EPSS

19.1%

top 4.65%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Graphicsmagick Imagemagick Debian Graphicsmagick +1 more

Timeline

PublishedAug 15

Latest updateMay 3

Description

Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.

CVSS vector

AV:N/AC:H/C:N/I:N/A:PExploitability: 4.9 | Impact: 2.9

Affected Packages5 packages

▶debiandebian/imagemagick< graphicsmagick 1.1.7-7 (bookworm)

▶Debianimagemagick/imagemagick< 7:6.2.4.5.dfsg1-0.10+3

▶NVDimagemagick/imagemagick29 versions+28

▶debiandebian/graphicsmagick< graphicsmagick 1.1.7-7 (bookworm)

▶Debiangraphicsmagick/graphicsmagick< 1.1.7-7+3

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-468h-chpc-m7c8: Integer overflow in the ReadSGIImage function in sgi↗2022-05-03

▶

OSV

CVE-2006-4144: Integer overflow in the ReadSGIImage function in sgi↗2006-08-15

▶

💥Exploits & PoCs

Exploit-DB

ImageMagick 6.x - '.SGI' Image File Remote Heap Buffer Overflow↗2006-08-14

▶

📋Vendor Advisories

Ubuntu

imagemagick vulnerability↗2006-08-17

▶

Red Hat

security flaw↗2006-08-14

▶

Debian

CVE-2006-4144: graphicsmagick - Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2...↗2006

▶

💬Community

Bugzilla

CVE-2006-4144 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-0082 ImageMagick format string vulnerability. Also CVE-2005-4601, CVE-2006-2440, CVE-2006-3743, CVE-2006-3744, CVE-2006-4144.↗2006-01-04

▶