ImageMagick vulnerabilities

2007-02-1500:00:00

ubuntu.com

6.4 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.04 Low

EPSS

Percentile

92.0%

JSON

Releases

Ubuntu 6.10
Ubuntu 6.06
Ubuntu 5.10

Details

Vladimir Nadvornik discovered that the fix for CVE-2006-5456, released
in USN-372-1, did not correctly solve the original flaw in PALM image
handling. By tricking a user into processing a specially crafted image
with an application that uses imagemagick, an attacker could execute
arbitrary code with the user’s privileges.

OSVersionArchitecturePackageVersionFilename
Ubuntu6.10noarchlibmagick9< 7:6.2.4.5.dfsg1-0.10ubuntu0.2UNKNOWN
Ubuntu6.06noarchlibmagick9< 6:6.2.4.5-0.6ubuntu0.5UNKNOWN
Ubuntu5.10noarchlibmagick6< 6:6.2.3.4-1ubuntu1.6UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	6.10	noarch	libmagick9	< 7:6.2.4.5.dfsg1-0.10ubuntu0.2	UNKNOWN
Ubuntu	6.06	noarch	libmagick9	< 6:6.2.4.5-0.6ubuntu0.5	UNKNOWN
Ubuntu	5.10	noarch	libmagick6	< 6:6.2.3.4-1ubuntu1.6	UNKNOWN