CVE-2006-3743

Published: Aug 25, 2006Modified: Apr 16, 2026

5.1

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 4.9 / Impact: 6.4

Source: NVD

Description

Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images.

Affected (16)

Products: Imagemagick: Imagemagick

Imagemagick

1 product

Imagemagick

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Version 6.2.0.4
Imagemagick Imagemagick	Version 6.2.0.7
Imagemagick Imagemagick	Version 6.2.0.8
Imagemagick Imagemagick	Version 6.2.1.7
Imagemagick Imagemagick	Version 6.2.1
Imagemagick Imagemagick	Version 6.2.2.5
Imagemagick Imagemagick	Version 6.2.2
Imagemagick Imagemagick	Version 6.2.3.6
Imagemagick Imagemagick	Version 6.2.3
Imagemagick Imagemagick	Version 6.2.4.5
Imagemagick Imagemagick	Version 6.2.4
Imagemagick Imagemagick	Version 6.2.5
Imagemagick Imagemagick	Version 6.2.6
Imagemagick Imagemagick	Version 6.2.7
Imagemagick Imagemagick	Version 6.2.8
Imagemagick Imagemagick	Version 6.2

References (48)

ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc (unsafe URL)

Source: secalert@redhat.com

http://bugs.gentoo.org/show_bug.cgi?id=144854

Source: secalert@redhat.com

Patch

http://secunia.com/advisories/21615

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/21621

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/21671

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/21679

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/21719

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/21780

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/21832

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/22036

Source: secalert@redhat.com

http://secunia.com/advisories/22096

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-200609-14.xml

Source: secalert@redhat.com

http://securitytracker.com/id?1016749

Source: secalert@redhat.com

Patch

http://www.debian.org/security/2006/dsa-1168

Source: secalert@redhat.com

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2006:155

Source: secalert@redhat.com

http://www.novell.com/linux/security/advisories/2006_50_imagemagick.html

Source: secalert@redhat.com

PatchVendor Advisory

http://www.osvdb.org/28205

Source: secalert@redhat.com

Patch

http://www.redhat.com/support/errata/RHSA-2006-0633.html

Source: secalert@redhat.com

Patch

http://www.securityfocus.com/bid/19697

Source: secalert@redhat.com

Patch

http://www.ubuntu.com/usn/usn-340-1

Source: secalert@redhat.com

Patch

http://www.vupen.com/english/advisories/2006/3375

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/28575

Source: secalert@redhat.com

https://issues.rpath.com/browse/RPL-605

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9895

Source: secalert@redhat.com

ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc (unsafe URL)