CVE-2006-4144 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-4144
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-4144

Description: Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/28372 UBUNTU http://www.ubuntu.com/usn/usn-337-1 SUSE http://www.novell.com/linux/security/advisories/2006_50_imagemagick.html ST 1016699 SREASON http://securityreason.com/securityalert/1385 SGI SAID Secunia Advisory: SA21621 Secunia Advisory: SA21462 Secunia Advisory: SA21525 Secunia Advisory: SA21679 Secunia Advisory: SA21671 Secunia Advisory: SA21832 Secunia Advisory: SA22036 Secunia Advisory: SA22096 Secunia Advisory: SA22998 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0633.html MISC http://www.overflow.pl/adv/imsgiheap.txt MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:155 GENTOO http://security.gentoo.org/glsa/glsa-200609-14.xml DEBIAN http://www.debian.org/security/2006/dsa-1213 CONFIRM BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/443362/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/443208/100/0/threaded BID 19507

Return to the previous page.