CVE-2006-5456 – Overflows in GraphicsMagick and ImageMagick's DCM and PALM handling routines
https://notcve.org/view.php?id=CVE-2006-5456
Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. Múltiples desbordamientos de búfer en GraphicsMagick anterior a 1.1.7 e ImageMagick 6.0.7 permiten a atacantes con intervención del usuario provocar una denegación de servicio y posiblemente ejecutar código de su elección mediante (1) una imagen DCM que no es manejada adecuadamente por la función ReadDCMImage en coders/dcm.c, o (2) una imagen PALM que no es manejada adecuadamente por la función ReadPALMImage en coders/palm.c. • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://packages.debian.org/changelogs/pool/main/g/graphicsmagick/graphicsmagick_1.1.7-9/changelog#versionversion1.1.7-9 http://secunia.com/advisories/22569 http://secunia.com/advisories/22572 http://secunia.com/advisories/22601 http://secunia.com/advisories/22604 http://secunia.com/advisories/22819 http://secunia.com/advisories/22834 http://secunia.com/advisories/22998 http://secunia.com/advisories/23090 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-3743
https://notcve.org/view.php?id=CVE-2006-3743
Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. Múltiples vulnerabilidades de desbordamiento de búfer en ImageMagick anterior a 6.2.9 permiten a atacantes con la intervención del usuario ejecutar código de su elección mediante imágenes XCF manipuladas. • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=144854 http://secunia.com/advisories/21615 http://secunia.com/advisories/21621 http://secunia.com/advisories/21671 http://secunia.com/advisories/21679 http://secunia.com/advisories/21719 http://secunia.com/advisories/21780 http://secunia.com/advisories/21832 http://secunia.com/advisories/22036 http://secunia.com/advisories/22096 http://security.gentoo.org/glsa& •
CVE-2006-3744
https://notcve.org/view.php?id=CVE-2006-3744
Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows. Múltiples desbordamientos de entero en ImageMagick anterior a 6.2.9 permiten a atacantes con la intervención del usuario ejecutar código de su elección mediante imágenes Sun Rasterfile (bitmap) manipuladas que provocan desbordamientos de búfer basado en montón. • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=144854 http://secunia.com/advisories/21615 http://secunia.com/advisories/21621 http://secunia.com/advisories/21671 http://secunia.com/advisories/21679 http://secunia.com/advisories/21719 http://secunia.com/advisories/21780 http://secunia.com/advisories/21832 http://secunia.com/advisories/22036 http://secunia.com/advisories/22096 http://security.gentoo.org/glsa& • CWE-189: Numeric Errors •
CVE-2006-4144 – ImageMagick 6.x - '.SGI' Image File Remote Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-4144
Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow. Desbordamiento de entero en la función ReadSGIImage en sgi.c de ImageMagick anterior a 6.2.9 permite a atacantes con la intervención del usuario provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante (1) bytes_per_pixel, (2) columnas, y (3) valores de fila, que provocan un desbordamiento de búfer basado en montón. • https://www.exploit-db.com/exploits/28383 ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://secunia.com/advisories/21462 http://secunia.com/advisories/21525 http://secunia.com/advisories/21621 http://secunia.com/advisories/21671 http://secunia.com/advisories/21679 http://secunia.com/advisories/21832 http://secunia.com/advisories/22036 http://secunia.com/advisories/22096 http://secunia.com/advisories/22998 http://security.gentoo.org/glsa/glsa •
CVE-2006-2440
https://notcve.org/view.php?id=CVE-2006-2440
Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function. • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595 http://secunia.com/advisories/21719 http://secunia.com/advisories/24186 http://secunia.com/advisories/24284 http://www.debian.org/security/2006/dsa-1168 http://www.redhat.com/support/errata/RHSA-2007-0015.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9481 https://access.redhat.com/security/cve/CVE-2006-2 •