CVE-2006-5456

Published Oct 23, 2006

Last updated 6 years ago

CVSS info 5.1

Overview

Description: Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.1
Impact score: 6.4
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Evaluator

Comment: -
Impact: -
Solution: -

Vendor comments

Red HatRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC789D21-4F86-4928-AA6E-BB5F289A4846",
            "versionEndIncluding": "1.1.6"
          },
          {
            "criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E3834A3-8A7E-4914-A20C-EE694150D044"
          },
          {
            "criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD7E2792-B4BC-4C71-990D-0B7462919568"
          },
          {
            "criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10F2FD22-4058-45D6-8352-0AA6382746C8"
          },
          {
            "criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BF103AE-6F15-4F2D-A375-F2AF91171EE0"
          },
          {
            "criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65929D5C-31B1-4A70-8E9C-AC6749332480"
          },
          {
            "criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC45DB14-ABB2-4116-930D-349A81CDB982"
          },
          {
            "criteria": "cpe:2.3:a:imagemagick:imagemagick:6.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABC271B0-ACAC-478E-B00B-FFBAAE33B5E8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Vendor comments

Configurations

References