CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
EPSS
Percentile
97.4%
Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | graphicsmagick | < 1.1.7-7 | graphicsmagick_1.1.7-7_all.deb |
Debian | 11 | all | graphicsmagick | < 1.1.7-7 | graphicsmagick_1.1.7-7_all.deb |
Debian | 999 | all | graphicsmagick | < 1.1.7-7 | graphicsmagick_1.1.7-7_all.deb |
Debian | 13 | all | graphicsmagick | < 1.1.7-7 | graphicsmagick_1.1.7-7_all.deb |
Debian | 12 | all | imagemagick | < 7:6.2.4.5.dfsg1-0.10 | imagemagick_7:6.2.4.5.dfsg1-0.10_all.deb |
Debian | 11 | all | imagemagick | < 7:6.2.4.5.dfsg1-0.10 | imagemagick_7:6.2.4.5.dfsg1-0.10_all.deb |
Debian | 999 | all | imagemagick | < 7:6.2.4.5.dfsg1-0.10 | imagemagick_7:6.2.4.5.dfsg1-0.10_all.deb |
Debian | 13 | all | imagemagick | < 7:6.2.4.5.dfsg1-0.10 | imagemagick_7:6.2.4.5.dfsg1-0.10_all.deb |