Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-4144

Disclosure Date: August 15, 2006
CVE-2006-4144
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • imagemagick

Products

  • imagemagick 6.0.1,
  • imagemagick 6.0.2,
  • imagemagick 6.0.2.5,
  • imagemagick 6.0.3,
  • imagemagick 6.0.4,
  • imagemagick 6.0.5,
  • imagemagick 6.0.6,
  • imagemagick 6.0.7,
  • imagemagick 6.0.8,
  • imagemagick 6.1,
  • imagemagick 6.1.1.6,
  • imagemagick 6.1.2,
  • imagemagick 6.1.3,
  • imagemagick 6.1.4,
  • imagemagick 6.1.5,
  • imagemagick 6.1.6,
  • imagemagick 6.1.7,
  • imagemagick 6.1.8,
  • imagemagick 6.2,
  • imagemagick 6.2.0.4,
  • imagemagick 6.2.0.7,
  • imagemagick 6.2.1,
  • imagemagick 6.2.2,
  • imagemagick 6.2.4,
  • imagemagick 6.2.4.5,
  • imagemagick 6.2.5,
  • imagemagick 6.2.6,
  • imagemagick 6.2.7,
  • imagemagick 6.2.8

References

Canonical
CVE-2006-4144 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4144)
BID-19507 (http://www.securityfocus.com/bid/19507)
Advisory
SECUNIA-21679 (http://secunia.com/advisories/21679)
XF-imagemagick-readsgiimage-bo(28372) (https://exchange.xforce.ibmcloud.com/vulnerabilities/28372)
SECUNIA-21671 (http://secunia.com/advisories/21671)
SECUNIA-21832 (http://secunia.com/advisories/21832)
http://www.novell.com/linux/security/advisories/2006_50_imagemagick.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11129
20060816 Re: [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow (http://www.securityfocus.com/archive/1/443362/100/0/threaded)
https://issues.rpath.com/browse/RPL-605
http://www.mandriva.com/security/advisories?name=MDKSA-2006:155
GLSA-200609-14 (http://security.gentoo.org/glsa/glsa-200609-14.xml)
SECUNIA-22096 (http://secunia.com/advisories/22096)
SECUNIA-21621 (http://secunia.com/advisories/21621)
USN-337-1 (http://www.ubuntu.com/usn/usn-337-1)
http://www.redhat.com/support/errata/RHSA-2006-0633.html
SECUNIA-21462 (http://secunia.com/advisories/21462)
SECTRACK-1016699 (http://securitytracker.com/id?1016699)
SECUNIA-22998 (http://secunia.com/advisories/22998)
DSA-1213 (http://www.debian.org/security/2006/dsa-1213)
SREASON-1385 (http://securityreason.com/securityalert/1385)
SECUNIA-22036 (http://secunia.com/advisories/22036)
20060814 [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow (http://www.securityfocus.com/archive/1/443208/100/0/threaded)
SECUNIA-21525 (http://secunia.com/advisories/21525)
Miscellaneous
http://www.overflow.pl/adv/imsgiheap.txt

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis