ID CVE-2006-4144
Summary Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.
References
Vulnerable Configurations
  • ImageMagick 6.0.1
    cpe:2.3:a:imagemagick:imagemagick:6.0.1
  • ImageMagick 6.0.2
    cpe:2.3:a:imagemagick:imagemagick:6.0.2
  • ImageMagick 6.0.2.5
    cpe:2.3:a:imagemagick:imagemagick:6.0.2.5
  • ImageMagick 6.0.3
    cpe:2.3:a:imagemagick:imagemagick:6.0.3
  • ImageMagick 6.0.4
    cpe:2.3:a:imagemagick:imagemagick:6.0.4
  • ImageMagick 6.0.5
    cpe:2.3:a:imagemagick:imagemagick:6.0.5
  • ImageMagick 6.0.6
    cpe:2.3:a:imagemagick:imagemagick:6.0.6
  • ImageMagick 6.0.7
    cpe:2.3:a:imagemagick:imagemagick:6.0.7
  • ImageMagick 6.0.8
    cpe:2.3:a:imagemagick:imagemagick:6.0.8
  • ImageMagick 6.1
    cpe:2.3:a:imagemagick:imagemagick:6.1
  • ImageMagick 6.1.1.6
    cpe:2.3:a:imagemagick:imagemagick:6.1.1.6
  • ImageMagick 6.1.2
    cpe:2.3:a:imagemagick:imagemagick:6.1.2
  • ImageMagick 6.1.3
    cpe:2.3:a:imagemagick:imagemagick:6.1.3
  • ImageMagick 6.1.4
    cpe:2.3:a:imagemagick:imagemagick:6.1.4
  • ImageMagick 6.1.5
    cpe:2.3:a:imagemagick:imagemagick:6.1.5
  • ImageMagick 6.1.6
    cpe:2.3:a:imagemagick:imagemagick:6.1.6
  • ImageMagick 6.1.7
    cpe:2.3:a:imagemagick:imagemagick:6.1.7
  • ImageMagick 6.1.8
    cpe:2.3:a:imagemagick:imagemagick:6.1.8
  • ImageMagick 6.2
    cpe:2.3:a:imagemagick:imagemagick:6.2
  • ImageMagick 6.2.0.4
    cpe:2.3:a:imagemagick:imagemagick:6.2.0.4
  • ImageMagick 6.2.0.7
    cpe:2.3:a:imagemagick:imagemagick:6.2.0.7
  • ImageMagick 6.2.1
    cpe:2.3:a:imagemagick:imagemagick:6.2.1
  • ImageMagick 6.2.2
    cpe:2.3:a:imagemagick:imagemagick:6.2.2
  • ImageMagick 6.2.4
    cpe:2.3:a:imagemagick:imagemagick:6.2.4
  • ImageMagick 6.2.4.5
    cpe:2.3:a:imagemagick:imagemagick:6.2.4.5
  • ImageMagick 6.2.5
    cpe:2.3:a:imagemagick:imagemagick:6.2.5
  • ImageMagick 6.2.6
    cpe:2.3:a:imagemagick:imagemagick:6.2.6
  • ImageMagick 6.2.7
    cpe:2.3:a:imagemagick:imagemagick:6.2.7
  • ImageMagick 6.2.8
    cpe:2.3:a:imagemagick:imagemagick:6.2.8
CVSS
Base: 2.6 (as of 15-08-2006 - 22:02)
Impact:
Exploitability:
Access
Vector NETWORK
Complexity HIGH
Authentication NONE
Impact
Confidentiality NONE
Integrity NONE
Availability PARTIAL
exploit-db via4
description ImageMagick 6.x SGI Image File Remote Heap Buffer Overflow Vulnerability. CVE-2006-4144. DoS exploit for Linux platform
id EDB-ID:28383
last seen 2016-02-03
modified 2006-08-14
published 2006-08-14
reporter Damian Put
source https://www.exploit-db.com/download/28383/
title ImageMagick 6.x SGI Image File Remote Heap Buffer Overflow Vulnerability
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200609-14.NASL
    description The remote host is affected by the vulnerability described in GLSA-200609-14 (ImageMagick: Multiple Vulnerabilities) Tavis Ormandy of the Google Security Team discovered a stack and heap buffer overflow in the GIMP XCF Image decoder and multiple heap and integer overflows in the SUN bitmap decoder. Damian Put discovered a heap overflow in the SGI image decoder. Impact : An attacker may be able to create a specially crafted image that, when processed with ImageMagick, executes arbitrary code with the privileges of the executing user. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 22458
    published 2006-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22458
    title GLSA-200609-14 : ImageMagick: Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0633.NASL
    description Updated ImageMagick packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Tavis Ormandy discovered several integer and buffer overflow flaws in the way ImageMagick decodes XCF, SGI, and Sun bitmap graphic files. An attacker could execute arbitrary code on a victim's machine if they were able to trick the victim into opening a specially crafted image file. (CVE-2006-3743, CVE-2006-3744, CVE-2006-4144) Users of ImageMagick should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22292
    published 2006-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22292
    title RHEL 2.1 / 3 / 4 : ImageMagick (RHSA-2006:0633)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0633.NASL
    description Updated ImageMagick packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Tavis Ormandy discovered several integer and buffer overflow flaws in the way ImageMagick decodes XCF, SGI, and Sun bitmap graphic files. An attacker could execute arbitrary code on a victim's machine if they were able to trick the victim into opening a specially crafted image file. (CVE-2006-3743, CVE-2006-3744, CVE-2006-4144) Users of ImageMagick should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22280
    published 2006-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22280
    title CentOS 3 / 4 : ImageMagick (CESA-2006:0633)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0633.NASL
    description From Red Hat Security Advisory 2006:0633 : Updated ImageMagick packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Tavis Ormandy discovered several integer and buffer overflow flaws in the way ImageMagick decodes XCF, SGI, and Sun bitmap graphic files. An attacker could execute arbitrary code on a victim's machine if they were able to trick the victim into opening a specially crafted image file. (CVE-2006-3743, CVE-2006-3744, CVE-2006-4144) Users of ImageMagick should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67403
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67403
    title Oracle Linux 4 : ImageMagick (ELSA-2006-0633)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-155.NASL
    description Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. (CVE-2006-3743) Multiple integer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted Sun bitmap images that trigger heap-based buffer overflows. (CVE-2006-3744) Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow. (CVE-2006-4144) The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 23899
    published 2006-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23899
    title Mandrake Linux Security Advisory : ImageMagick (MDKSA-2006:155)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-1340.NASL
    description Maintenance update fixing several security issues and bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27710
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27710
    title Fedora 7 : GraphicsMagick-1.1.8-2.fc7 (2007-1340)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_IMAGEMAGICK-2006.NASL
    description Several security problems have been fixed in ImageMagick : - CVE-2006-3744: Several heap buffer overflows were found in the Sun Bitmap decoder of ImageMagick by an audit by the Google Security Team. This problem could be exploited by an attacker to execute code. - CVE-2006-3743: Multiple buffer overflows were found in the XCF handling due to incorrect bounds checking by the Google Security Team. This problem could be exploited by an attacker to execute code. - CVE-2006-4144: An integer overflow in the ReadSGIImage function can be used by attackers to potentially execute code. - An infinite loop in ImageMagick caused by TransformHSB was fixed. - An infinite loop in handling of TIFF images was fixed.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27104
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27104
    title openSUSE 10 Security Update : ImageMagick (ImageMagick-2006)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1213.NASL
    description Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation programs, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0082 Daniel Kobras discovered that Imagemagick is vulnerable to format string attacks in the filename parsing code. - CVE-2006-4144 Damian Put discovered that Imagemagick is vulnerable to buffer overflows in the module for SGI images. - CVE-2006-5456 M Joonas Pihlaja discovered that Imagemagick is vulnerable to buffer overflows in the module for DCM and PALM images. - CVE-2006-5868 Daniel Kobras discovered that Imagemagick is vulnerable to buffer overflows in the module for SGI images. This update also addresses regressions in the XCF codec, which were introduced in the previous security update.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 23662
    published 2006-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23662
    title Debian DSA-1213-1 : imagemagick - several vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-337-1.NASL
    description Damian Put discovered a buffer overflow in imagemagick's SGI file format decoder. By tricking a user or automated system into processing a specially crafted SGI image, this could be exploited to execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27916
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27916
    title Ubuntu 5.04 / 5.10 / 6.06 LTS : imagemagick vulnerability (USN-337-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-386-1.NASL
    description Daniel Kobras discovered multiple buffer overflows in ImageMagick's SGI file format decoder. By tricking a user or an automated system into processing a specially crafted SGI image, this could be exploited to execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 27969
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27969
    title Ubuntu 5.10 / 6.06 LTS : imagemagick vulnerability (USN-386-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_IMAGEMAGICK-2048.NASL
    description Several security problems have been fixed in ImageMagick : - Several heap buffer overflows were found in the Sun Bitmap decoder of ImageMagick by an audit by the Google Security Team. This problem could be exploited by an attacker to execute code. (CVE-2006-3744) - Multiple buffer overflows were found in the XCF plugin due to incorrect bounds checking by the Google Security Team. This problem could be exploited by an attacker to execute code. (CVE-2006-3743) - An integer overflow in the ReadSGIImage function can be used by attackers to potentially execute code. (CVE-2006-4144) - An infinite loop in ImageMagick caused by TransformHSB was fixed. - An infinite loop in handling of TIFF images was fixed.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29347
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29347
    title SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 2048)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_IMAGEMAGICK-2414.NASL
    description A security problem was fixed in ImageMagick during decoding SGI images. The issue in question, CVE-2006-4144, which we addressed before, was not completely fixed.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27106
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27106
    title openSUSE 10 Security Update : ImageMagick (ImageMagick-2414)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_IMAGEMAGICK-2412.NASL
    description A security problem was fixed in ImageMagick during decoding SGI images. The issue in question, CVE-2006-4144, which we addressed before, was not completely fixed.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29349
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29349
    title SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 2412)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-223.NASL
    description Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, have unknown impact and user-assisted attack vectors via a crafted SGI image. Updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24607
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24607
    title Mandrake Linux Security Advisory : ImageMagick (MDKSA-2006:223)
oval via4
accepted 2013-04-29T04:11:42.877-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.
family unix
id oval:org.mitre.oval:def:11129
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.
version 23
redhat via4
advisories
bugzilla
id 202771
title CVE-2006-4144 ImageMagick ReadSGIImage() integer overflow
oval
OR
  • AND
    comment Red Hat Enterprise Linux 3 is installed
    oval oval:com.redhat.rhsa:tst:20060015001
  • AND
    comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhsa:tst:20060016001
rhsa
id RHSA-2006:0633
released 2006-08-24
severity Moderate
title RHSA-2006:0633: ImageMagick security update (Moderate)
refmap via4
bid 19507
bugtraq
  • 20060814 [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow
  • 20060816 Re: [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow
confirm https://issues.rpath.com/browse/RPL-605
debian DSA-1213
gentoo GLSA-200609-14
mandriva MDKSA-2006:155
misc http://www.overflow.pl/adv/imsgiheap.txt
sectrack 1016699
secunia
  • 21462
  • 21525
  • 21621
  • 21671
  • 21679
  • 21832
  • 22036
  • 22096
  • 22998
sgi 20060901-01-P
sreason 1385
suse SUSE-SA:2006:050
ubuntu USN-337-1
xf imagemagick-readsgiimage-bo(28372)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 15-09-2010 - 01:14
Published 15-08-2006 - 19:04
Last modified 17-10-2018 - 17:33