ID CVE-2006-3743
Summary Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images.
References
Vulnerable Configurations
  • ImageMagick 6.2
    cpe:2.3:a:imagemagick:imagemagick:6.2
  • ImageMagick 6.2.0.4
    cpe:2.3:a:imagemagick:imagemagick:6.2.0.4
  • ImageMagick 6.2.0.7
    cpe:2.3:a:imagemagick:imagemagick:6.2.0.7
  • ImageMagick 6.2.0.8
    cpe:2.3:a:imagemagick:imagemagick:6.2.0.8
  • ImageMagick 6.2.1
    cpe:2.3:a:imagemagick:imagemagick:6.2.1
  • ImageMagick 6.2.1.7
    cpe:2.3:a:imagemagick:imagemagick:6.2.1.7
  • ImageMagick 6.2.2
    cpe:2.3:a:imagemagick:imagemagick:6.2.2
  • ImageMagick 6.2.2.5
    cpe:2.3:a:imagemagick:imagemagick:6.2.2.5
  • ImageMagick 6.2.3
    cpe:2.3:a:imagemagick:imagemagick:6.2.3
  • ImageMagick 6.2.3.6
    cpe:2.3:a:imagemagick:imagemagick:6.2.3.6
  • ImageMagick 6.2.4
    cpe:2.3:a:imagemagick:imagemagick:6.2.4
  • ImageMagick 6.2.4.5
    cpe:2.3:a:imagemagick:imagemagick:6.2.4.5
  • ImageMagick 6.2.5
    cpe:2.3:a:imagemagick:imagemagick:6.2.5
  • ImageMagick 6.2.6
    cpe:2.3:a:imagemagick:imagemagick:6.2.6
  • ImageMagick 6.2.7
    cpe:2.3:a:imagemagick:imagemagick:6.2.7
  • ImageMagick 6.2.8
    cpe:2.3:a:imagemagick:imagemagick:6.2.8
CVSS
Base: 5.1 (as of 27-08-2006 - 16:28)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity HIGH
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200609-14.NASL
    description The remote host is affected by the vulnerability described in GLSA-200609-14 (ImageMagick: Multiple Vulnerabilities) Tavis Ormandy of the Google Security Team discovered a stack and heap buffer overflow in the GIMP XCF Image decoder and multiple heap and integer overflows in the SUN bitmap decoder. Damian Put discovered a heap overflow in the SGI image decoder. Impact : An attacker may be able to create a specially crafted image that, when processed with ImageMagick, executes arbitrary code with the privileges of the executing user. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 22458
    published 2006-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22458
    title GLSA-200609-14 : ImageMagick: Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0633.NASL
    description Updated ImageMagick packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Tavis Ormandy discovered several integer and buffer overflow flaws in the way ImageMagick decodes XCF, SGI, and Sun bitmap graphic files. An attacker could execute arbitrary code on a victim's machine if they were able to trick the victim into opening a specially crafted image file. (CVE-2006-3743, CVE-2006-3744, CVE-2006-4144) Users of ImageMagick should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22292
    published 2006-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22292
    title RHEL 2.1 / 3 / 4 : ImageMagick (RHSA-2006:0633)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0633.NASL
    description Updated ImageMagick packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Tavis Ormandy discovered several integer and buffer overflow flaws in the way ImageMagick decodes XCF, SGI, and Sun bitmap graphic files. An attacker could execute arbitrary code on a victim's machine if they were able to trick the victim into opening a specially crafted image file. (CVE-2006-3743, CVE-2006-3744, CVE-2006-4144) Users of ImageMagick should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22280
    published 2006-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22280
    title CentOS 3 / 4 : ImageMagick (CESA-2006:0633)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-340-1.NASL
    description Tavis Ormandy discovered several buffer overflows in imagemagick's Sun Raster and XCF (Gimp) image decoders. By tricking a user or automated system into processing a specially crafted image, this could be exploited to execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27919
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27919
    title Ubuntu 5.04 / 5.10 / 6.06 LTS : imagemagick vulnerabilities (USN-340-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0633.NASL
    description From Red Hat Security Advisory 2006:0633 : Updated ImageMagick packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Tavis Ormandy discovered several integer and buffer overflow flaws in the way ImageMagick decodes XCF, SGI, and Sun bitmap graphic files. An attacker could execute arbitrary code on a victim's machine if they were able to trick the victim into opening a specially crafted image file. (CVE-2006-3743, CVE-2006-3744, CVE-2006-4144) Users of ImageMagick should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67403
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67403
    title Oracle Linux 4 : ImageMagick (ELSA-2006-0633)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-155.NASL
    description Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. (CVE-2006-3743) Multiple integer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted Sun bitmap images that trigger heap-based buffer overflows. (CVE-2006-3744) Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow. (CVE-2006-4144) The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 23899
    published 2006-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23899
    title Mandrake Linux Security Advisory : ImageMagick (MDKSA-2006:155)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1168.NASL
    description Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation tools, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-2440 Eero Hakkinen discovered that the display tool allocates insufficient memory for globbing patterns, which might lead to a buffer overflow. - CVE-2006-3743 Tavis Ormandy from the Google Security Team discovered that the Sun bitmap decoder performs insufficient input sanitising, which might lead to buffer overflows and the execution of arbitrary code. - CVE-2006-3744 Tavis Ormandy from the Google Security Team discovered that the XCF image decoder performs insufficient input sanitising, which might lead to buffer overflows and the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22710
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22710
    title Debian DSA-1168-1 : imagemagick - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_IMAGEMAGICK-2006.NASL
    description Several security problems have been fixed in ImageMagick : - CVE-2006-3744: Several heap buffer overflows were found in the Sun Bitmap decoder of ImageMagick by an audit by the Google Security Team. This problem could be exploited by an attacker to execute code. - CVE-2006-3743: Multiple buffer overflows were found in the XCF handling due to incorrect bounds checking by the Google Security Team. This problem could be exploited by an attacker to execute code. - CVE-2006-4144: An integer overflow in the ReadSGIImage function can be used by attackers to potentially execute code. - An infinite loop in ImageMagick caused by TransformHSB was fixed. - An infinite loop in handling of TIFF images was fixed.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27104
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27104
    title openSUSE 10 Security Update : ImageMagick (ImageMagick-2006)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_IMAGEMAGICK-2048.NASL
    description Several security problems have been fixed in ImageMagick : - Several heap buffer overflows were found in the Sun Bitmap decoder of ImageMagick by an audit by the Google Security Team. This problem could be exploited by an attacker to execute code. (CVE-2006-3744) - Multiple buffer overflows were found in the XCF plugin due to incorrect bounds checking by the Google Security Team. This problem could be exploited by an attacker to execute code. (CVE-2006-3743) - An integer overflow in the ReadSGIImage function can be used by attackers to potentially execute code. (CVE-2006-4144) - An infinite loop in ImageMagick caused by TransformHSB was fixed. - An infinite loop in handling of TIFF images was fixed.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29347
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29347
    title SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 2048)
oval via4
accepted 2013-04-29T04:23:08.472-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images.
family unix
id oval:org.mitre.oval:def:9895
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images.
version 23
redhat via4
advisories
rhsa
id RHSA-2006:0633
refmap via4
bid 19697
confirm https://issues.rpath.com/browse/RPL-605
debian DSA-1168
gentoo GLSA-200609-14
mandriva MDKSA-2006:155
misc http://bugs.gentoo.org/show_bug.cgi?id=144854
osvdb 28205
sectrack 1016749
secunia
  • 21615
  • 21621
  • 21671
  • 21679
  • 21719
  • 21780
  • 21832
  • 22036
  • 22096
sgi 20060901-01-P
suse SUSE-SA:2006:050
ubuntu USN-340-1
vupen ADV-2006-3375
xf imagemagick-propuserunit-bo(28575)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 07-03-2011 - 21:39
Published 24-08-2006 - 21:04
Last modified 10-10-2017 - 21:31