CVE-2006-4144 — Vulnetix

Try Vulnetix Request Demo

CVE-2006-4144 PUBLISHED CVSS 2.5999999046325684 LOW

Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.

EPSS 19.08% · 95.3th percentile

Risk Scores

CVSS v2.0

2.5999999046325684

EPSS Score

19.08%

95.3th percentile

Affected Products

Vendor	Product	Versions
imagemagick	imagemagick	6.2.8, 6.0.1, 6.0.2
n/a	n/a	n/a

Timeline

Aug 15, 2006 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 3, 2022 CVE Updated
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 12, 2023 EPSS Score
Jun 19, 2023 EPSS Score

References

19507 vdb
21679 third-party-advisory
imagemagick-readsgiimage-bo(28372) vdb
21671 third-party-advisory
21832 third-party-advisory
http://www.overflow.pl/adv/imsgiheap.txt url
SUSE-SA:2006:050 vendor-advisory
oval:org.mitre.oval:def:11129 vdb
20060816 Re: [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow mailing-list
https://issues.rpath.com/browse/RPL-605 url
MDKSA-2006:155 vendor-advisory
GLSA-200609-14 vendor-advisory
22096 third-party-advisory
21621 third-party-advisory
20060901-01-P vendor-advisory
USN-337-1 vendor-advisory
RHSA-2006:0633 vendor-advisory
21462 third-party-advisory
1016699 vdb
22998 third-party-advisory

…and 6 more

Open in Interactive Console →