CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
Percentile
97.4%
CentOS Errata and Security Advisory CESA-2006:0633-03
ImageMagick™ is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.
Tavis Ormandy discovered several integer and buffer overflow flaws in the
way ImageMagick decodes XCF, SGI, and Sun bitmap graphic files. An attacker
could execute arbitrary code on a victim’s machine if they were able to
trick the victim into opening a specially crafted image file.
(CVE-2006-3743, CVE-2006-3744, CVE-2006-4144)
Users of ImageMagick should upgrade to these updated packages, which
contain backported patches and are not vulnerable to these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-August/075341.html
Affected packages:
ImageMagick
ImageMagick-c++
ImageMagick-c+±devel
ImageMagick-devel
ImageMagick-perl
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | imagemagick | < 5.3.8-16.c2.1 | ImageMagick-5.3.8-16.c2.1.i386.rpm |
CentOS | 2 | i386 | imagemagick-c++ | < 5.3.8-16.c2.1 | ImageMagick-c++-5.3.8-16.c2.1.i386.rpm |
CentOS | 2 | i386 | imagemagick-c++-devel | < 5.3.8-16.c2.1 | ImageMagick-c++-devel-5.3.8-16.c2.1.i386.rpm |
CentOS | 2 | i386 | imagemagick-devel | < 5.3.8-16.c2.1 | ImageMagick-devel-5.3.8-16.c2.1.i386.rpm |
CentOS | 2 | i386 | imagemagick-perl | < 5.3.8-16.c2.1 | ImageMagick-perl-5.3.8-16.c2.1.i386.rpm |