Vulnerabilities > CVE-2006-3744 - Numeric Errors vulnerability in Imagemagick
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-155.NASL description Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. (CVE-2006-3743) Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun bitmap images that trigger heap-based buffer overflows. (CVE-2006-3744) Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow. (CVE-2006-4144) The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 23899 published 2006-12-16 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23899 title Mandrake Linux Security Advisory : ImageMagick (MDKSA-2006:155) NASL family SuSE Local Security Checks NASL id SUSE_IMAGEMAGICK-2006.NASL description Several security problems have been fixed in ImageMagick : - CVE-2006-3744: Several heap buffer overflow were found in the Sun Bitmap decoder of ImageMagick by an audit by the Google Security Team. This problem could be exploited by an attacker to execute code. - CVE-2006-3743: Multiple buffer overflows were found in the XCF handling due to incorrect bounds checking by the Google Security Team. This problem could be exploited by an attacker to execute code. - CVE-2006-4144: A integer overflow in the ReadSGIImage function can be used by attackers to potentially execute code. - An infinite loop in ImageMagick caused by TransformHSB was fixed. - An infinite loop in handling of TIFF images was fixed. last seen 2020-06-01 modified 2020-06-02 plugin id 27104 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27104 title openSUSE 10 Security Update : ImageMagick (ImageMagick-2006) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1168.NASL description Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation tools, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-2440 Eero Hakkinen discovered that the display tool allocates insufficient memory for globbing patterns, which might lead to a buffer overflow. - CVE-2006-3743 Tavis Ormandy from the Google Security Team discovered that the Sun bitmap decoder performs insufficient input sanitising, which might lead to buffer overflows and the execution of arbitrary code. - CVE-2006-3744 Tavis Ormandy from the Google Security Team discovered that the XCF image decoder performs insufficient input sanitising, which might lead to buffer overflows and the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 22710 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22710 title Debian DSA-1168-1 : imagemagick - several vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_IMAGEMAGICK-2048.NASL description Several security problems have been fixed in ImageMagick : - Several heap buffer overflow were found in the Sun Bitmap decoder of ImageMagick by an audit by the Google Security Team. This problem could be exploited by an attacker to execute code. (CVE-2006-3744) - Multiple buffer overflows were found in the XCF plugin due to incorrect bounds checking by the Google Security Team. This problem could be exploited by an attacker to execute code. (CVE-2006-3743) - A integer overflow in the ReadSGIImage function can be used by attackers to potentially execute code. (CVE-2006-4144) - An infinite loop in ImageMagick caused by TransformHSB was fixed. - An infinite loop in handling of TIFF images was fixed. last seen 2020-06-01 modified 2020-06-02 plugin id 29347 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29347 title SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 2048) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0633.NASL description Updated ImageMagick packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Tavis Ormandy discovered several integer and buffer overflow flaws in the way ImageMagick decodes XCF, SGI, and Sun bitmap graphic files. An attacker could execute arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 22292 published 2006-08-30 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22292 title RHEL 2.1 / 3 / 4 : ImageMagick (RHSA-2006:0633) NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_050.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:050 (ImageMagick). Several security problems have been fixed in ImageMagick: - CVE-2006-3744: Several heap buffer overflows were found in the Sun Bitmap decoder of ImageMagick during an audit by the Google Security Team. This problem could be exploited by an attacker to execute code. - CVE-2006-3743: Multiple buffer overflows were found by the Google Security team in the XCF handling due to incorrect bounds checking. This problem could be exploited by an attacker to execute code. - CVE-2006-4144: An integer overflow in the ReadSGIImage function can be used by attackers to potentially execute code. - An infinite loop in ImageMagick caused by TransformHSB was fixed. - An infinite loop in the handling of TIFF images was fixed. last seen 2019-10-28 modified 2007-02-18 plugin id 24428 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24428 title SUSE-SA:2006:050: ImageMagick NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-340-1.NASL description Tavis Ormandy discovered several buffer overflows in imagemagick last seen 2020-06-01 modified 2020-06-02 plugin id 27919 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27919 title Ubuntu 5.04 / 5.10 / 6.06 LTS : imagemagick vulnerabilities (USN-340-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2006-0633.NASL description From Red Hat Security Advisory 2006:0633 : Updated ImageMagick packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Tavis Ormandy discovered several integer and buffer overflow flaws in the way ImageMagick decodes XCF, SGI, and Sun bitmap graphic files. An attacker could execute arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 67403 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67403 title Oracle Linux 4 : ImageMagick (ELSA-2006-0633) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200609-14.NASL description The remote host is affected by the vulnerability described in GLSA-200609-14 (ImageMagick: Multiple Vulnerabilities) Tavis Ormandy of the Google Security Team discovered a stack and heap buffer overflow in the GIMP XCF Image decoder and multiple heap and integer overflows in the SUN bitmap decoder. Damian Put discovered a heap overflow in the SGI image decoder. Impact : An attacker may be able to create a specially crafted image that, when processed with ImageMagick, executes arbitrary code with the privileges of the executing user. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 22458 published 2006-09-27 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22458 title GLSA-200609-14 : ImageMagick: Multiple Vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0633.NASL description Updated ImageMagick packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Tavis Ormandy discovered several integer and buffer overflow flaws in the way ImageMagick decodes XCF, SGI, and Sun bitmap graphic files. An attacker could execute arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 22280 published 2006-08-30 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22280 title CentOS 3 / 4 : ImageMagick (CESA-2006:0633)
Oval
| accepted | 2013-04-29T04:14:23.404-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:11486 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows. | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||
| rpms |
|
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-03-14 |
| organization | Red Hat |
| statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
- http://bugs.gentoo.org/show_bug.cgi?id=144854
- http://secunia.com/advisories/21615
- http://secunia.com/advisories/21621
- http://secunia.com/advisories/21671
- http://secunia.com/advisories/21679
- http://secunia.com/advisories/21719
- http://secunia.com/advisories/21780
- http://secunia.com/advisories/21832
- http://secunia.com/advisories/22036
- http://secunia.com/advisories/22096
- http://security.gentoo.org/glsa/glsa-200609-14.xml
- http://securitytracker.com/id?1016749
- http://www.debian.org/security/2006/dsa-1168
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:155
- http://www.novell.com/linux/security/advisories/2006_50_imagemagick.html
- http://www.osvdb.org/28204
- http://www.redhat.com/support/errata/RHSA-2006-0633.html
- http://www.securityfocus.com/bid/19699
- http://www.ubuntu.com/usn/usn-340-1
- http://www.vupen.com/english/advisories/2006/3375
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28574
- https://issues.rpath.com/browse/RPL-605
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11486