CVE-2006-4144

Published: Aug 15, 2006Modified: Apr 16, 2026

2.6

Vector

AV:N/AC:H/Au:N/C:N/I:N/A:P

Exploitability: 4.9 / Impact: 2.9

Source: NVD

Description

Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.

Affected (29)

Products: Imagemagick: Imagemagick

1 product

Configuration A

29 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Version 6.0.1
Imagemagick Imagemagick	Version 6.0.2.5
Imagemagick Imagemagick	Version 6.0.2
Imagemagick Imagemagick	Version 6.0.3
Imagemagick Imagemagick	Version 6.0.4
Imagemagick Imagemagick	Version 6.0.5
Imagemagick Imagemagick	Version 6.0.6
Imagemagick Imagemagick	Version 6.0.7
Imagemagick Imagemagick	Version 6.0.8
Imagemagick Imagemagick	Version 6.1.1.6
Imagemagick Imagemagick	Version 6.1.2
Imagemagick Imagemagick	Version 6.1.3
Imagemagick Imagemagick	Version 6.1.4
Imagemagick Imagemagick	Version 6.1.5
Imagemagick Imagemagick	Version 6.1.6
Imagemagick Imagemagick	Version 6.1.7
Imagemagick Imagemagick	Version 6.1.8
Imagemagick Imagemagick	Version 6.1
Imagemagick Imagemagick	Version 6.2.0.4
Imagemagick Imagemagick	Version 6.2.0.7
Imagemagick Imagemagick	Version 6.2.1
Imagemagick Imagemagick	Version 6.2.2
Imagemagick Imagemagick	Version 6.2.4.5
Imagemagick Imagemagick	Version 6.2.4
Imagemagick Imagemagick	Version 6.2.5
Imagemagick Imagemagick	Version 6.2.6
Imagemagick Imagemagick	Version 6.2.7
Imagemagick Imagemagick	Version 6.2.8
Imagemagick Imagemagick	Version 6.2

References (50)

ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc (unsafe URL)

Source: cve@mitre.org

http://secunia.com/advisories/21462

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/21525

Source: cve@mitre.org

http://secunia.com/advisories/21621

Source: cve@mitre.org

http://secunia.com/advisories/21671

Source: cve@mitre.org

http://secunia.com/advisories/21679

Source: cve@mitre.org

http://secunia.com/advisories/21832

Source: cve@mitre.org

http://secunia.com/advisories/22036

Source: cve@mitre.org

http://secunia.com/advisories/22096

Source: cve@mitre.org

http://secunia.com/advisories/22998

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200609-14.xml

Source: cve@mitre.org

http://securityreason.com/securityalert/1385

Source: cve@mitre.org

http://securitytracker.com/id?1016699

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1213

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:155

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2006_50_imagemagick.html

Source: cve@mitre.org

http://www.overflow.pl/adv/imsgiheap.txt

Source: cve@mitre.org

Exploit

http://www.redhat.com/support/errata/RHSA-2006-0633.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/443208/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/443362/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/19507

Source: cve@mitre.org

Exploit

http://www.ubuntu.com/usn/usn-337-1

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/28372

Source: cve@mitre.org

https://issues.rpath.com/browse/RPL-605

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11129

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21462

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://secunia.com/advisories/21525

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21621

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21671

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21679

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21832

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/22036

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/22096

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/22998

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200609-14.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/1385

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1016699

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2006/dsa-1213

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2006:155

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2006_50_imagemagick.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.overflow.pl/adv/imsgiheap.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.redhat.com/support/errata/RHSA-2006-0633.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/443208/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/443362/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/19507

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.ubuntu.com/usn/usn-337-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/28372

Source: af854a3a-2127-422b-91ae-364da2661108

https://issues.rpath.com/browse/RPL-605

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11129

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.