CVE-2006-4144
published 2006-08-15

Priority: P4 29 low
CVSS 2.0: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)
EXPLOIT
EPSS: 10.21% (95.1th percentile)
Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.

Affected

39 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | graphicsmagick | < graphicsmagick 1.1.7-7 (bookworm) | graphicsmagick 1.1.7-7 (bookworm) |
| debian | imagemagick | < graphicsmagick 1.1.7-7 (bookworm) | graphicsmagick 1.1.7-7 (bookworm) |
| graphicsmagick | graphicsmagick | >= 0 < 1.1.7-7 | 1.1.7-7 |
| graphicsmagick | graphicsmagick | >= 0 < 1.1.7-7 | 1.1.7-7 |
| graphicsmagick | graphicsmagick | >= 0 < 1.1.7-7 | 1.1.7-7 |
| graphicsmagick | graphicsmagick | >= 0 < 1.1.7-7 | 1.1.7-7 |
| imagemagick | imagemagick | | |
| imagemagick | imagemagick | | |
| imagemagick | imagemagick | | |
| imagemagick | imagemagick | | |
| imagemagick | imagemagick | | |
| imagemagick | imagemagick | | |
| imagemagick | imagemagick | | |
| imagemagick | imagemagick | | |
| imagemagick | imagemagick | | |
| imagemagick | imagemagick | | |
| imagemagick | imagemagick | | |
| imagemagick | imagemagick | | |
| imagemagick | imagemagick | | |
| imagemagick | imagemagick | | |
| imagemagick | imagemagick | | |
| imagemagick | imagemagick | | |
| imagemagick | imagemagick | | |
| imagemagick | imagemagick | | |
| imagemagick | imagemagick | | |

CVSS provenance

nvd: v2.0, 2.6 LOW, AV:N/AC:H/Au:N/C:N/I:N/A:P
osv: 2.6 LOW
vendor_debian: 2.6 MEDIUM
vendor_redhat: 2.6 LOW