CVE-2006-3744
https://notcve.org/view.php?id=CVE-2006-3744
Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows. Múltiples desbordamientos de entero en ImageMagick anterior a 6.2.9 permiten a atacantes con la intervención del usuario ejecutar código de su elección mediante imágenes Sun Rasterfile (bitmap) manipuladas que provocan desbordamientos de búfer basado en montón. • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=144854 http://secunia.com/advisories/21615 http://secunia.com/advisories/21621 http://secunia.com/advisories/21671 http://secunia.com/advisories/21679 http://secunia.com/advisories/21719 http://secunia.com/advisories/21780 http://secunia.com/advisories/21832 http://secunia.com/advisories/22036 http://secunia.com/advisories/22096 http://security.gentoo.org/glsa& • CWE-189: Numeric Errors •
CVE-2006-4144 – ImageMagick 6.x - '.SGI' Image File Remote Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-4144
Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow. Desbordamiento de entero en la función ReadSGIImage en sgi.c de ImageMagick anterior a 6.2.9 permite a atacantes con la intervención del usuario provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante (1) bytes_per_pixel, (2) columnas, y (3) valores de fila, que provocan un desbordamiento de búfer basado en montón. • https://www.exploit-db.com/exploits/28383 ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://secunia.com/advisories/21462 http://secunia.com/advisories/21525 http://secunia.com/advisories/21621 http://secunia.com/advisories/21671 http://secunia.com/advisories/21679 http://secunia.com/advisories/21832 http://secunia.com/advisories/22036 http://secunia.com/advisories/22096 http://secunia.com/advisories/22998 http://security.gentoo.org/glsa/glsa •
CVE-2006-2440
https://notcve.org/view.php?id=CVE-2006-2440
Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function. • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595 http://secunia.com/advisories/21719 http://secunia.com/advisories/24186 http://secunia.com/advisories/24284 http://www.debian.org/security/2006/dsa-1168 http://www.redhat.com/support/errata/RHSA-2007-0015.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9481 https://access.redhat.com/security/cve/CVE-2006-2 •
CVE-2006-0082
https://notcve.org/view.php?id=CVE-2006-0082
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. • ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876 http://rhn.redhat.com/errata/RHSA-2006-0178.html http://secunia.com/advisories/18261 http://secunia.com/advisories/18607 http://secunia.com/advisories/18851 http://secunia.com/advisories/18871 http://secunia.com/advisories/19030 http://secunia.com/advisories/19183 http://secunia.com/advisories/19408 http://secunia.com/advisories/22998 http:/ • CWE-134: Use of Externally-Controlled Format String •
CVE-2005-3582
https://notcve.org/view.php?id=CVE-2005-3582
ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime. • http://secunia.com/advisories/17427 http://www.gentoo.org/security/en/glsa/glsa-200511-02.xml http://www.osvdb.org/20528 http://www.securityfocus.com/bid/15120 http://www.vupen.com/english/advisories/2005/2281 •