Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.1
CVE Id CVE-2006-0082
Last Modified 07 Mar 2011 12:00:00
Published 04 Jan 2006 06:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-0082

Summary

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.

Vulnerable Systems

Application

  • ImageMagick 6.2.3


References

BID - 12717

GENTOO - GLSA-200602-13.xml

GENTOO - GLSA-200602-06

SLACKWARE - SSA:2006-045-03

SECUNIA - 19183

SECUNIA - 19030

SECUNIA - 18851

SECUNIA - 18607

SGI - 20060301-01-U

CONFIRM - https://issues.rpath.com/browse/RPL-389

VUPEN - ADV-2008-0412

UBUNTU - USN-246-1

BUGTRAQ - 20061127 rPSA-2006-0218-1 ImageMagick

SUSE - SUSE-SR:2006:006

MANDRIVA - MDKSA-2006:024

DEBIAN - DSA-1213

SUNALERT - 231321

SECTRACK - 1015623

SREASON - 500

SECUNIA - 28800

SECUNIA - 23090

SECUNIA - 22998

SECUNIA - 19408

SECUNIA - 18871

SECUNIA - 18261

REDHAT - RHSA-2006:0178

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876


Last Updated: 27 May 2016 10:41:31