CVE-2006-4144 – ImageMagick 6.x - '.SGI' Image File Remote Heap Buffer Overflow

https://notcve.org/view.php?id=CVE-2006-4144

Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow. Desbordamiento de entero en la función ReadSGIImage en sgi.c de ImageMagick anterior a 6.2.9 permite a atacantes con la intervención del usuario provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante (1) bytes_per_pixel, (2) columnas, y (3) valores de fila, que provocan un desbordamiento de búfer basado en montón. • https://www.exploit-db.com/exploits/28383 ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://secunia.com/advisories/21462 http://secunia.com/advisories/21525 http://secunia.com/advisories/21621 http://secunia.com/advisories/21671 http://secunia.com/advisories/21679 http://secunia.com/advisories/21832 http://secunia.com/advisories/22036 http://secunia.com/advisories/22096 http://secunia.com/advisories/22998 http://security.gentoo.org/glsa/glsa&# •