PT-2006-3401 · Imagemagick+1

Eero Häkkinen · Published 2006-05-18 · Updated 2017-10-12 · CVE-2006-2440

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ImageMagick version 6.0.6.2

Description

A heap-based buffer overflow issue exists in the libMagick component. This issue might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.

Recommendations

For ImageMagick version 6.0.6.2, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict the use of the ExpandFilenames function until a patch is available.

Fix


Related identifiers

CVE-2006-2440
DSA-1168-1
RHSA-2007:0015
RHSA-2007_0015

Affected products

Imagemagick
Red Hat