Lucene search

K
ubuntucveUbuntu.comUB:CVE-2006-4144
HistoryAug 15, 2006 - 12:00 a.m.

CVE-2006-4144

2006-08-1500:00:00
ubuntu.com
ubuntu.com
15

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

EPSS

0.463

Percentile

97.4%

Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick
before 6.2.9 allows user-assisted attackers to cause a denial of service
(crash) and possibly execute arbitrary code via large (1) bytes_per_pixel,
(2) columns, and (3) rows values, which trigger a heap-based buffer
overflow.

OSVersionArchitecturePackageVersionFilename
ubuntu6.10noarchgraphicsmagick< 1.1.7-8UNKNOWN
ubuntu7.04noarchgraphicsmagick< 1.1.7-8UNKNOWN
ubuntu6.06noarchimagemagick< 6.2.4.5-0.6ubuntu0.6UNKNOWN
ubuntu6.10noarchimagemagick< 6.2.4.5.dfsg1-0.10ubuntu0.3UNKNOWN
ubuntu7.04noarchimagemagick< 6.2.4.5.dfsg1-0.14ubuntu0.1UNKNOWN

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

EPSS

0.463

Percentile

97.4%