CVE-2006-5456

Published: Oct 23, 2006Modified: Apr 23, 2026

5.1

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 4.9 / Impact: 6.4

Source: NVD

Description

Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.

Affected (8)

Products: Graphicsmagick: Graphicsmagick · Imagemagick: Imagemagick

1 product

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Graphicsmagick Graphicsmagick	Up to 1.1.6
Graphicsmagick Graphicsmagick	Version 1.0.6
Graphicsmagick Graphicsmagick	Version 1.0
Graphicsmagick Graphicsmagick	Version 1.1.3
Graphicsmagick Graphicsmagick	Version 1.1.4
Graphicsmagick Graphicsmagick	Version 1.1.5
Graphicsmagick Graphicsmagick	Version 1.1
Imagemagick Imagemagick	Version 6.0.7

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (74)

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc (unsafe URL)

Source: secalert@redhat.com

http://packages.debian.org/changelogs/pool/main/g/graphicsmagick/graphicsmagick_1.1.7-9/changelog#versionversion1.1.7-9

Source: secalert@redhat.com

http://secunia.com/advisories/22569

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/22572

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/22601

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/22604

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/22819

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/22834

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/22998

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/23090

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/23121

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/24186

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/24196

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/24284

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/24458

Source: secalert@redhat.com

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200611-07.xml

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-200611-19.xml

Source: secalert@redhat.com

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.352092

Source: secalert@redhat.com

http://www.debian.org/security/2006/dsa-1213

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDKSA-2006:193

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDKSA-2007:041

Source: secalert@redhat.com

http://www.novell.com/linux/security/advisories/2006_66_imagemagick.html

Source: secalert@redhat.com

http://www.novell.com/linux/security/advisories/2007_3_sr.html

Source: secalert@redhat.com

http://www.osvdb.org/29990

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2007-0015.html

Source: secalert@redhat.com

Vendor Advisory

http://www.securityfocus.com/archive/1/452718/100/100/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/459507/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/20707

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-372-1

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-422-1

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2006/4170

Source: secalert@redhat.com

Vendor Advisory

http://www.vupen.com/english/advisories/2006/4171

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210921

Source: secalert@redhat.com

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/29816

Source: secalert@redhat.com

https://issues.rpath.com/browse/RPL-1034

Source: secalert@redhat.com

https://issues.rpath.com/browse/RPL-811

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9765

Source: secalert@redhat.com

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc (unsafe URL)