Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | graphicsmagick | <Â 1.1.7-7 | graphicsmagick_1.1.7-7_all.deb |
Debian | 11 | all | graphicsmagick | <Â 1.1.7-7 | graphicsmagick_1.1.7-7_all.deb |
Debian | 10 | all | graphicsmagick | <Â 1.1.7-7 | graphicsmagick_1.1.7-7_all.deb |
Debian | 999 | all | graphicsmagick | <Â 1.1.7-7 | graphicsmagick_1.1.7-7_all.deb |
Debian | 13 | all | graphicsmagick | <Â 1.1.7-7 | graphicsmagick_1.1.7-7_all.deb |
Debian | 12 | all | imagemagick | <Â 7:6.2.4.5.dfsg1-0.10 | imagemagick_7:6.2.4.5.dfsg1-0.10_all.deb |
Debian | 11 | all | imagemagick | <Â 7:6.2.4.5.dfsg1-0.10 | imagemagick_7:6.2.4.5.dfsg1-0.10_all.deb |
Debian | 10 | all | imagemagick | <Â 7:6.2.4.5.dfsg1-0.10 | imagemagick_7:6.2.4.5.dfsg1-0.10_all.deb |
Debian | 999 | all | imagemagick | <Â 7:6.2.4.5.dfsg1-0.10 | imagemagick_7:6.2.4.5.dfsg1-0.10_all.deb |
Debian | 13 | all | imagemagick | <Â 7:6.2.4.5.dfsg1-0.10 | imagemagick_7:6.2.4.5.dfsg1-0.10_all.deb |