CVE-2006-2440 - Remote Security vulnerability in Imagemagick 6.0.6.2/6.2.4

047910
CVSS 7.5 - HIGH

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: PARTIAL
  • Availability impact: PARTIAL

Tags: network, low complexity, imagemagick, nessus

Summary

Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.

Vulnerable Configurations

  • Part: Application
    Description: Imagemagick
    Count: 2

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2006-024.NASL
    description: The delegate code in ImageMagick 6.2.4.x allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command (CVE-2005-4601). A format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3, and other versions, allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program (CVE-2006-0082). The updated packages have been patched to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20818
    published: 2006-01-29
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20818
    title: Mandrake Linux Security Advisory : ImageMagick (MDKSA-2006:024)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1168.NASL
    description: Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation tools, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
      - CVE-2006-2440: Eero Hakkinen discovered that the display tool allocates insufficient memory for globbing patterns, which might lead to a buffer overflow.
      - CVE-2006-3743: Tavis Ormandy from the Google Security Team discovered that the Sun bitmap decoder performs insufficient input sanitising, which might lead to buffer overflows and the execution of arbitrary code.
      - CVE-2006-3744: Tavis Ormandy from the Google Security Team discovered that the XCF image decoder performs insufficient input sanitising, which might lead to buffer overflows and the execution of arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22710
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22710
    title: Debian DSA-1168-1 : imagemagick - several vulnerabilities
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2007-0015.NASL
    description: Updated ImageMagick packages that correct several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several security flaws were discovered in the way ImageMagick decodes DCM, PALM, and SGI graphic files. An attacker may be able to execute arbitrary code on a victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24357
    published: 2007-02-17
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/24357
    title: CentOS 3 / 4 : ImageMagick (CESA-2007:0015)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2007-0015.NASL
    description: From Red Hat Security Advisory 2007:0015 : Updated ImageMagick packages that correct several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several security flaws were discovered in the way ImageMagick decodes DCM, PALM, and SGI graphic files. An attacker may be able to execute arbitrary code on a victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67439
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67439
    title: Oracle Linux 3 / 4 : ImageMagick (ELSA-2007-0015)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2007-0015.NASL
    description: Updated ImageMagick packages that correct several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several security flaws were discovered in the way ImageMagick decodes DCM, PALM, and SGI graphic files. An attacker may be able to execute arbitrary code on a victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24363
    published: 2007-02-17
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/24363
    title: RHEL 2.1 / 3 / 4 : ImageMagick (RHSA-2007:0015)

Oval

accepted: 2013-04-29T04:19:40.696-04:00
class: vulnerability
contributors:
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions:
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
description: Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.
family: unix
id: oval:org.mitre.oval:def:9481
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.
version: 26

Redhat

advisories:
  • rhsa id: RHSA-2007:0015
rpms:
  • ImageMagick-0:5.3.8-18
  • ImageMagick-0:5.5.6-24
  • ImageMagick-0:6.0.7.1-16.0.3
  • ImageMagick-c++-0:5.3.8-18
  • ImageMagick-c++-0:5.5.6-24
  • ImageMagick-c++-0:6.0.7.1-16.0.3
  • ImageMagick-c++-devel-0:5.3.8-18
  • ImageMagick-c++-devel-0:5.5.6-24
  • ImageMagick-c++-devel-0:6.0.7.1-16.0.3
  • ImageMagick-debuginfo-0:5.5.6-24
  • ImageMagick-debuginfo-0:6.0.7.1-16.0.3
  • ImageMagick-devel-0:5.3.8-18
  • ImageMagick-devel-0:5.5.6-24
  • ImageMagick-devel-0:6.0.7.1-16.0.3
  • ImageMagick-perl-0:5.3.8-18
  • ImageMagick-perl-0:5.5.6-24
  • ImageMagick-perl-0:6.0.7.1-16.0.3

Statements

contributor: Mark J Cox
lastmodified: 2006-09-19
organization: Red Hat
statement: Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192278 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3.