CVE-2006-0082 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-0082
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-0082

Description: Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-246-1 SUSE http://www.novell.com/linux/security/advisories/2006_06_sr.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-231321-1 ST 1015623 SREASON http://securityreason.com/securityalert/500 SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.341682 SGI SAID Secunia Advisory: SA18607 Secunia Advisory: SA18261 Secunia Advisory: SA18851 Secunia Advisory: SA18871 Secunia Advisory: SA19030 Secunia Advisory: SA19183 Secunia Advisory: SA19408 Secunia Advisory: SA22998 Secunia Advisory: SA23090 Secunia Advisory: SA28800 REDHAT http://rhn.redhat.com/errata/RHSA-2006-0178.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:024 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200602-13.xml http://www.gentoo.org/security/en/glsa/glsa-200602-06.xml DEBIAN http://www.debian.org/security/2006/dsa-1213 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/452718/100/100/threaded BID 12717

Return to the previous page.