PT-2006-3401 · Imagemagick+1 · Imagemagick+1
Eero Häkkinen · Published 2006-05-18 · Updated 2017-10-12 · CVE-2006-2440
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
ImageMagick version 6.0.6.2
Description
A heap-based buffer overflow issue exists in the libMagick component. This issue might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.
Recommendations
For ImageMagick version 6.0.6.2, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict the use of the ExpandFilenames function until a patch is available.
Fix
Related Identifiers
Affected Products
Imagemagick
Red Hat