// For flags

CVE-2006-5456

Overflows in GraphicsMagick and ImageMagick's DCM and PALM handling routines

Severity Score

5.1
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.

Múltiples desbordamientos de búfer en GraphicsMagick anterior a 1.1.7 e ImageMagick 6.0.7 permiten a atacantes con intervención del usuario provocar una denegación de servicio y posiblemente ejecutar código de su elección mediante (1) una imagen DCM que no es manejada adecuadamente por la función ReadDCMImage en coders/dcm.c, o (2) una imagen PALM que no es manejada adecuadamente por la función ReadPALMImage en coders/palm.c.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-10-23 CVE Reserved
  • 2006-10-23 CVE Published
  • 2024-05-04 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (39)
URL Date SRC
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc 2018-10-17
http://secunia.com/advisories/22569 2018-10-17
http://secunia.com/advisories/22572 2018-10-17
http://secunia.com/advisories/22601 2018-10-17
http://secunia.com/advisories/22604 2018-10-17
http://secunia.com/advisories/22819 2018-10-17
http://secunia.com/advisories/22834 2018-10-17
http://secunia.com/advisories/22998 2018-10-17
http://secunia.com/advisories/23090 2018-10-17
http://secunia.com/advisories/23121 2018-10-17
http://secunia.com/advisories/24186 2018-10-17
http://secunia.com/advisories/24196 2018-10-17
http://secunia.com/advisories/24284 2018-10-17
http://secunia.com/advisories/24458 2018-10-17
http://security.gentoo.org/glsa/glsa-200611-07.xml 2018-10-17
http://security.gentoo.org/glsa/glsa-200611-19.xml 2018-10-17
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.352092 2018-10-17
http://www.debian.org/security/2006/dsa-1213 2018-10-17
http://www.mandriva.com/security/advisories?name=MDKSA-2006:193 2018-10-17
http://www.mandriva.com/security/advisories?name=MDKSA-2007:041 2018-10-17
http://www.novell.com/linux/security/advisories/2006_66_imagemagick.html 2018-10-17
http://www.novell.com/linux/security/advisories/2007_3_sr.html 2018-10-17
http://www.redhat.com/support/errata/RHSA-2007-0015.html 2018-10-17
http://www.ubuntu.com/usn/usn-372-1 2018-10-17
http://www.ubuntu.com/usn/usn-422-1 2018-10-17
http://www.vupen.com/english/advisories/2006/4170 2018-10-17
http://www.vupen.com/english/advisories/2006/4171 2018-10-17
https://access.redhat.com/security/cve/CVE-2006-5456 2007-02-15
https://bugzilla.redhat.com/show_bug.cgi?id=210921 2007-02-15
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Graphicsmagick
Search vendor "Graphicsmagick"
Graphicsmagick
Search vendor "Graphicsmagick" for product "Graphicsmagick"
<= 1.1.6
Search vendor "Graphicsmagick" for product "Graphicsmagick" and version " <= 1.1.6"
-
Affected
Graphicsmagick
Search vendor "Graphicsmagick"
Graphicsmagick
Search vendor "Graphicsmagick" for product "Graphicsmagick"
1.0
Search vendor "Graphicsmagick" for product "Graphicsmagick" and version "1.0"
-
Affected
Graphicsmagick
Search vendor "Graphicsmagick"
Graphicsmagick
Search vendor "Graphicsmagick" for product "Graphicsmagick"
1.0.6
Search vendor "Graphicsmagick" for product "Graphicsmagick" and version "1.0.6"
-
Affected
Graphicsmagick
Search vendor "Graphicsmagick"
Graphicsmagick
Search vendor "Graphicsmagick" for product "Graphicsmagick"
1.1
Search vendor "Graphicsmagick" for product "Graphicsmagick" and version "1.1"
-
Affected
Graphicsmagick
Search vendor "Graphicsmagick"
Graphicsmagick
Search vendor "Graphicsmagick" for product "Graphicsmagick"
1.1.3
Search vendor "Graphicsmagick" for product "Graphicsmagick" and version "1.1.3"
-
Affected
Graphicsmagick
Search vendor "Graphicsmagick"
Graphicsmagick
Search vendor "Graphicsmagick" for product "Graphicsmagick"
1.1.4
Search vendor "Graphicsmagick" for product "Graphicsmagick" and version "1.1.4"
-
Affected
Graphicsmagick
Search vendor "Graphicsmagick"
Graphicsmagick
Search vendor "Graphicsmagick" for product "Graphicsmagick"
1.1.5
Search vendor "Graphicsmagick" for product "Graphicsmagick" and version "1.1.5"
-
Affected
Imagemagick
Search vendor "Imagemagick"
Imagemagick
Search vendor "Imagemagick" for product "Imagemagick"
6.0.7
Search vendor "Imagemagick" for product "Imagemagick" and version "6.0.7"
-
Affected