CVE-2006-2440

Published: May 18, 2006Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.

Affected (2)

Products: Imagemagick: Imagemagick

Imagemagick

1 product

Imagemagick

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Version 6.0.6.2
Imagemagick Imagemagick	Version 6.2.4

References (16)

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc (unsafe URL)

Source: cve@mitre.org

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595

Source: cve@mitre.org

Patch

http://secunia.com/advisories/21719

Source: cve@mitre.org

http://secunia.com/advisories/24186

Source: cve@mitre.org

http://secunia.com/advisories/24284

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1168

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-0015.html

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9481

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc (unsafe URL)