Vulnerability CVE-2006-0082

Vulnerability Name:

CVE-2006-0082 (CCN-19586)

Assigned:

2006-01-04

Published:

2006-01-04

Updated:

2018-10-19

Summary:

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-134

Vulnerability Consequences:

Gain Access

References:

Source: SGI
Type: Patch
20060301-01-U

Source: CONFIRM
Type: Exploit, Vendor Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876

Source: MITRE
Type: CNA
CVE-2005-0397

Source: MITRE
Type: CNA
CVE-2006-0082

Source: CCN
Type: RHSA-2005-070
ImageMagick security update

Source: CCN
Type: RHSA-2005-320
ImageMagick security update

Source: CCN
Type: RHSA-2006-0178
ImageMagick security update

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0178

Source: CCN
Type: SA18261
ImageMagick Utilities Image Filename Handling Two Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
18261

Source: SECUNIA
Type: Patch, Vendor Advisory
18607

Source: SECUNIA
Type: Patch, Vendor Advisory
18851

Source: SECUNIA
Type: Vendor Advisory
18871

Source: SECUNIA
Type: Patch, Vendor Advisory
19030

Source: SECUNIA
Type: Patch, Vendor Advisory
19183

Source: SECUNIA
Type: Vendor Advisory
19408

Source: SECUNIA
Type: Vendor Advisory
22998

Source: SECUNIA
Type: Vendor Advisory
23090

Source: CCN
Type: SA28800
Sun Solaris ImageMagick Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
28800

Source: SREASON
Type: UNKNOWN
500

Source: CCN
Type: SECTRACK ID: 1015623
ImageMagick SetImageInfo() Format String Bug May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015623

Source: SLACKWARE
Type: Patch
SSA:2006-045-03

Source: SUNALERT
Type: UNKNOWN
231321

Source: CCN
Type: Sun Alert ID: 231321
Security Vulnerabilities in ImageMagick May Lead to Arbitrary Code Execution or Denial of Service (DoS)

Source: CCN
Type: ASA-2006-048
ImageMagick security update (RHSA-2006-0178)

Source: CCN
Type: ASA-2008-055
Security Vulnerabilities in ImageMagick May Lead to Arbitrary Code Execution or Denial of Service (DoS) (Sun 231321)

Source: DEBIAN
Type: UNKNOWN
DSA-1213

Source: DEBIAN
Type: DSA-1213
imagemagick -- several vulnerabilities

Source: DEBIAN
Type: DSA-702
imagemagick -- several vulnerabilities

Source: CCN
Type: GLSA-200503-11
ImageMagick: Filename handling vulnerability

Source: CCN
Type: GLSA-200602-06
ImageMagick: Format string vulnerability

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200602-06

Source: CCN
Type: GLSA-200602-13
GraphicsMagick: Format string vulnerability

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200602-13.xml

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:024

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:006

Source: BUGTRAQ
Type: UNKNOWN
20061127 rPSA-2006-0218-1 ImageMagick

Source: BID
Type: Patch
12717

Source: CCN
Type: BID-12717
ImageMagick File Name Handling Remote Format String Vulnerability

Source: CCN
Type: TLSA-2005-47
Multiple vulnerabilities exist in ImageMagick

Source: CCN
Type: USN-246-1
imagemagick vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-246-1

Source: CCN
Type: USN-90-1
Imagemagick vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2008-0412

Source: XF
Type: UNKNOWN
imagemagick-filename-format-string(19586)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-389

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10717

Source: SUSE
Type: SUSE-SA:2005:017
ImageMagick: remote code execution

Source: SUSE
Type: SUSE-SR:2006:006
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:imagemagick:imagemagick:6.2.3:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20060082	V	CVE-2006-0082	2022-06-30
oval:org.opensuse.security:def:111893	P	ImageMagick-7.1.0.8-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105471	P	ImageMagick-7.1.0.8-1.2 on GA media (Moderate)	2021-10-01
oval:org.mitre.oval:def:10717	V	Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.	2013-04-29
oval:org.debian:def:1213	V	several vulnerabilities	2006-11-19
oval:com.redhat.rhsa:def:20060178	P	RHSA-2006:0178: ImageMagick security update (Moderate)	2006-02-14

BACK