Vulnerabilities > CVE-2006-4144 - Unspecified vulnerability in Imagemagick
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.
Vulnerable Configurations
Exploit-Db
description | ImageMagick 6.x SGI Image File Remote Heap Buffer Overflow Vulnerability. CVE-2006-4144. Dos exploit for linux platform |
id | EDB-ID:28383 |
last seen | 2016-02-03 |
modified | 2006-08-14 |
published | 2006-08-14 |
reporter | Damian Put |
source | https://www.exploit-db.com/download/28383/ |
title | ImageMagick 6.x SGI Image File Remote Heap Buffer Overflow Vulnerability |
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2006-223.NASL |
description | Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. Updated packages have been patched to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24607 |
published | 2007-02-18 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24607 |
title | Mandrake Linux Security Advisory : ImageMagick (MDKSA-2006:223) |
code |

```
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2006:223.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(24607);
  script_version ("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:48");

  script_cve_id("CVE-2006-4144", "CVE-2006-5868");
  script_xref(name:"MDKSA", value:"2006:223");

  script_name(english:"Mandrake Linux Security Advisory : ImageMagick (MDKSA-2006:223)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. Updated packages have been patched to correct this issue."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ImageMagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ImageMagick-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick8.4.2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick8.4.2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick8.4.2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick8.4.2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-Image-Magick");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/12/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK2006.0", reference:"ImageMagick-6.2.4.3-1.4.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"ImageMagick-doc-6.2.4.3-1.4.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64Magick8.4.2-6.2.4.3-1.4.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64Magick8.4.2-devel-6.2.4.3-1.4.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libMagick8.4.2-6.2.4.3-1.4.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libMagick8.4.2-devel-6.2.4.3-1.4.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"perl-Image-Magick-6.2.4.3-1.4.20060mdk", yank:"mdk")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2006-155.NASL |
description | Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. (CVE-2006-3743) Multiple integer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted Sun bitmap images that trigger heap-based buffer overflows. (CVE-2006-3744) Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow. (CVE-2006-4144) The updated packages have been patched to correct these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23899 |
published | 2006-12-16 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23899 |
title | Mandrake Linux Security Advisory : ImageMagick (MDKSA-2006:155) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2007-1340.NASL |
description | Maintenance update fixing several security issues and bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27710 |
published | 2007-11-06 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/27710 |
title | Fedora 7 : GraphicsMagick-1.1.8-2.fc7 (2007-1340) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_IMAGEMAGICK-2006.NASL |
description | Several security problems have been fixed in ImageMagick : - CVE-2006-3744: Several heap buffer overflows were found in the Sun Bitmap decoder of ImageMagick by an audit by the Google Security Team. This problem could be exploited by an attacker to execute code. - CVE-2006-3743: Multiple buffer overflows were found in the XCF handling due to incorrect bounds checking by the Google Security Team. This problem could be exploited by an attacker to execute code. - CVE-2006-4144: An integer overflow in the ReadSGIImage function can be used by attackers to potentially execute code. - An infinite loop in ImageMagick caused by TransformHSB was fixed. - An infinite loop in handling of TIFF images was fixed. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27104 |
published | 2007-10-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/27104 |
title | openSUSE 10 Security Update : ImageMagick (ImageMagick-2006) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-386-1.NASL |
description | Daniel Kobras discovered multiple buffer overflows in ImageMagick |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27969 |
published | 2007-11-10 |
reporter | Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/27969 |
title | Ubuntu 5.10 / 6.06 LTS : imagemagick vulnerability (USN-386-1) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2006-929.NASL |
description | ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Tavis Ormandy discovered several integer and buffer overflow flaws in the way ImageMagick decodes XCF, SGI, and Sun bitmap graphic files. An attacker could execute arbitrary code on a victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24172 |
published | 2007-01-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24172 |
title | Fedora Core 5 : ImageMagick-6.2.5.4-4.2.1.fc5.4 (2006-929) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_IMAGEMAGICK-2048.NASL |
description | Several security problems have been fixed in ImageMagick : - Several heap buffer overflows were found in the Sun Bitmap decoder of ImageMagick by an audit by the Google Security Team. This problem could be exploited by an attacker to execute code. (CVE-2006-3744) - Multiple buffer overflows were found in the XCF plugin due to incorrect bounds checking by the Google Security Team. This problem could be exploited by an attacker to execute code. (CVE-2006-3743) - An integer overflow in the ReadSGIImage function can be used by attackers to potentially execute code. (CVE-2006-4144) - An infinite loop in ImageMagick caused by TransformHSB was fixed. - An infinite loop in handling of TIFF images was fixed. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29347 |
published | 2007-12-13 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29347 |
title | SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 2048) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2006-0633.NASL |
description | Updated ImageMagick packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Tavis Ormandy discovered several integer and buffer overflow flaws in the way ImageMagick decodes XCF, SGI, and Sun bitmap graphic files. An attacker could execute arbitrary code on a victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22292 |
published | 2006-08-30 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/22292 |
title | RHEL 2.1 / 3 / 4 : ImageMagick (RHSA-2006:0633) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2007-414.NASL |
description | - Thu Apr 5 2007 Norm Murray <nmurray at redhat.com> 6.2.5.4-4.2.1.fc5.8 - more overflows (#235075, CVE-2007-1797) - Fri Sep 22 2006 Norm Murray <nmurray at redhat.com> 6.2.5.4-4.2.1.fc5.7 - more overflows (#210921 CVE-2006-5456) - Fri Sep 22 2006 Norm Murray <nmurray at redhat.com> 6.2.5.4-4.2.1.fc5.6 - fix ImageMagick-perl building (#203975) - Thu Sep 7 2006 Norm Murray <nmurray at redhat.com> - 6.2.5.4-4.2.1.fc5.5 - rebuilding - Wed Aug 23 2006 Matthias Clasen <mclasen at redhat.com> - 6.2.5.4-4.2.1.fc5.4 - fix several integer and buffer overflows (#202193, CVE-2006-3743) - fix more integer overflows (#202771, CVE-2006-4144) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25045 |
published | 2007-04-19 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25045 |
title | Fedora Core 5 : ImageMagick-6.2.5.4-4.2.1.fc5.8 (2007-414) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1213.NASL |
description | Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation programs, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0082 Daniel Kobras discovered that Imagemagick is vulnerable to format string attacks in the filename parsing code. - CVE-2006-4144 Damian Put discovered that Imagemagick is vulnerable to buffer overflows in the module for SGI images. - CVE-2006-5456 M Joonas Pihlaja discovered that Imagemagick is vulnerable to buffer overflows in the module for DCM and PALM images. - CVE-2006-5868 Daniel Kobras discovered that Imagemagick is vulnerable to buffer overflows in the module for SGI images. This update also addresses regressions in the XCF codec, which were introduced in the previous security update. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23662 |
published | 2006-11-20 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23662 |
title | Debian DSA-1213-1 : imagemagick - several vulnerabilities |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SA_2006_050.NASL |
description | The remote host is missing the patch for the advisory SUSE-SA:2006:050 (ImageMagick). Several security problems have been fixed in ImageMagick: - CVE-2006-3744: Several heap buffer overflows were found in the Sun Bitmap decoder of ImageMagick during an audit by the Google Security Team. This problem could be exploited by an attacker to execute code. - CVE-2006-3743: Multiple buffer overflows were found by the Google Security team in the XCF handling due to incorrect bounds checking. This problem could be exploited by an attacker to execute code. - CVE-2006-4144: An integer overflow in the ReadSGIImage function can be used by attackers to potentially execute code. - An infinite loop in ImageMagick caused by TransformHSB was fixed. - An infinite loop in the handling of TIFF images was fixed. |
last seen | 2019-10-28 |
modified | 2007-02-18 |
plugin id | 24428 |
published | 2007-02-18 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24428 |
title | SUSE-SA:2006:050: ImageMagick |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_IMAGEMAGICK-2412.NASL |
description | A security problem was fixed in ImageMagick during decoding SGI images. The issue in question is CVE-2006-4144 which we addressed before was not completely fixed. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29349 |
published | 2007-12-13 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29349 |
title | SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 2412) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2006-0633.NASL |
description | From Red Hat Security Advisory 2006:0633 : Updated ImageMagick packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Tavis Ormandy discovered several integer and buffer overflow flaws in the way ImageMagick decodes XCF, SGI, and Sun bitmap graphic files. An attacker could execute arbitrary code on a victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67403 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/67403 |
title | Oracle Linux 4 : ImageMagick (ELSA-2006-0633) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-337-1.NASL |
description | Damian Put discovered a buffer overflow in imagemagick |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27916 |
published | 2007-11-10 |
reporter | Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/27916 |
title | Ubuntu 5.04 / 5.10 / 6.06 LTS : imagemagick vulnerability (USN-337-1) |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200609-14.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200609-14 (ImageMagick: Multiple Vulnerabilities) Tavis Ormandy of the Google Security Team discovered a stack and heap buffer overflow in the GIMP XCF Image decoder and multiple heap and integer overflows in the SUN bitmap decoder. Damian Put discovered a heap overflow in the SGI image decoder. Impact : An attacker may be able to create a specially crafted image that, when processed with ImageMagick, executes arbitrary code with the privileges of the executing user. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22458 |
published | 2006-09-27 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22458 |
title | GLSA-200609-14 : ImageMagick: Multiple Vulnerabilities |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2006-0633.NASL |
description | Updated ImageMagick packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Tavis Ormandy discovered several integer and buffer overflow flaws in the way ImageMagick decodes XCF, SGI, and Sun bitmap graphic files. An attacker could execute arbitrary code on a victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22280 |
published | 2006-08-30 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/22280 |
title | CentOS 3 / 4 : ImageMagick (CESA-2006:0633) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_IMAGEMAGICK-2414.NASL |
description | A security problem was fixed in ImageMagick during decoding SGI images. The issue in question is CVE-2006-4144 which we addressed before was not completely fixed. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27106 |
published | 2007-10-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/27106 |
title | openSUSE 10 Security Update : ImageMagick (ImageMagick-2414) |
Oval
accepted | 2013-04-29T04:11:42.877-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow. |
family | unix |
id | oval:org.mitre.oval:def:11129 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow. |
version | 26 |
Redhat
advisories |
rpms |
Statements
contributor | Mark J Cox |
lastmodified | 2007-03-14 |
organization | Red Hat |
statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- http://www.overflow.pl/adv/imsgiheap.txt
- http://www.securityfocus.com/bid/19507
- http://secunia.com/advisories/21462
- http://www.ubuntu.com/usn/usn-337-1
- http://securitytracker.com/id?1016699
- http://secunia.com/advisories/21525
- http://www.redhat.com/support/errata/RHSA-2006-0633.html
- http://secunia.com/advisories/21679
- https://issues.rpath.com/browse/RPL-605
- http://www.novell.com/linux/security/advisories/2006_50_imagemagick.html
- http://secunia.com/advisories/21671
- http://secunia.com/advisories/21832
- http://secunia.com/advisories/21621
- ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
- http://secunia.com/advisories/22036
- http://security.gentoo.org/glsa/glsa-200609-14.xml
- http://secunia.com/advisories/22096
- http://www.debian.org/security/2006/dsa-1213
- http://secunia.com/advisories/22998
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:155
- http://securityreason.com/securityalert/1385
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28372
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11129
- http://www.securityfocus.com/archive/1/443362/100/0/threaded
- http://www.securityfocus.com/archive/1/443208/100/0/threaded