Lucene search

K

[email protected]CVE-2006-5456

HistoryOct 23, 2006 - 5:07 p.m.

CVE-2006-5456

2006-10-2317:07:00

CWE-119

[email protected]

web.nvd.nist.gov

44

cve-2006-5456

buffer overflow

graphicsmagick

imagemagick

denial of service

arbitrary code execution

nvd

7.3 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.9%

Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.

CPENameOperatorVersion
graphicsmagick:graphicsmagickgraphicsmagickeq1.1
graphicsmagick:graphicsmagickgraphicsmagickeq1.1.3
graphicsmagick:graphicsmagickgraphicsmagickeq1.1.5
graphicsmagick:graphicsmagickgraphicsmagickle1.1.6
imagemagick:imagemagickimagemagickeq6.0.7
graphicsmagick:graphicsmagickgraphicsmagickeq1.0
graphicsmagick:graphicsmagickgraphicsmagickeq1.1.4
graphicsmagick:graphicsmagickgraphicsmagickeq1.0.6

References

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc

packages.debian.org/changelogs/pool/main/g/graphicsmagick/graphicsmagick_1.1.7-9/changelog#versionversion1.1.7-9

secunia.com/advisories/22569

secunia.com/advisories/22572

secunia.com/advisories/22601

secunia.com/advisories/22604

secunia.com/advisories/22819

secunia.com/advisories/22834

secunia.com/advisories/22998

secunia.com/advisories/23090

secunia.com/advisories/23121

secunia.com/advisories/24186

secunia.com/advisories/24196

secunia.com/advisories/24284

secunia.com/advisories/24458

security.gentoo.org/glsa/glsa-200611-07.xml

security.gentoo.org/glsa/glsa-200611-19.xml

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.352092

www.debian.org/security/2006/dsa-1213

www.mandriva.com/security/advisories?name=MDKSA-2006:193

www.mandriva.com/security/advisories?name=MDKSA-2007:041

www.novell.com/linux/security/advisories/2006_66_imagemagick.html

www.novell.com/linux/security/advisories/2007_3_sr.html

www.osvdb.org/29990

www.redhat.com/support/errata/RHSA-2007-0015.html

www.securityfocus.com/archive/1/452718/100/100/threaded

www.securityfocus.com/archive/1/459507/100/0/threaded

www.securityfocus.com/bid/20707

www.ubuntu.com/usn/usn-372-1

www.ubuntu.com/usn/usn-422-1

www.vupen.com/english/advisories/2006/4170

www.vupen.com/english/advisories/2006/4171

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210921

exchange.xforce.ibmcloud.com/vulnerabilities/29816

issues.rpath.com/browse/RPL-1034

issues.rpath.com/browse/RPL-811

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9765

7.3 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.9%

Related for CVE-2006-5456

nessus20 osv2 openvas19 securityvulns4 gentoo2 suse1 ubuntu2 ubuntucve2 slackware1 debiancve2 prion1 cve1 debian2 redhat1 centos2 oraclelinux1 fedora2