Lucene search

[email protected]NVD:CVE-2006-2440

HistoryMay 18, 2006 - 10:02 a.m.

CVE-2006-2440

2006-05-1810:02:00

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.5%

JSON

Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.

Affected configurations

NVD

Node

imagemagickimagemagickMatch6.0.6.2

imagemagickimagemagickMatch6.2.4

References

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc

bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595

secunia.com/advisories/21719

secunia.com/advisories/24186

secunia.com/advisories/24284

www.debian.org/security/2006/dsa-1168

www.redhat.com/support/errata/RHSA-2007-0015.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9481

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.5%

JSON

Related for NVD:CVE-2006-2440

cve1 cvelist1 ubuntucve1 prion1 debiancve1 oraclelinux1 nessus5 osv1 centos2 redhat1 openvas2 debian1