Vulnerability Name:

CVE-2006-2440 (CCN-28203)

Assigned:2006-01-02
Published:2006-01-02
Updated:2017-10-12
Summary:Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.
CVSS v3 Severity:4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: SGI
Type: UNKNOWN
20070201-01-P

Source: CCN
Type: Debian Bug report logs - #345595
libmagick: array index overflow in DisplayImageCommand

Source: CONFIRM
Type: Patch
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595

Source: MITRE
Type: CNA
CVE-2006-2440

Source: CCN
Type: RHSA-2007-0015
Moderate: ImageMagick security update

Source: SECUNIA
Type: UNKNOWN
21719

Source: SECUNIA
Type: UNKNOWN
24186

Source: SECUNIA
Type: UNKNOWN
24284

Source: CCN
Type: ASA-2007-124
ImageMagick security update (RHSA-2007-0015)

Source: DEBIAN
Type: UNKNOWN
DSA-1168

Source: DEBIAN
Type: DSA-1168
imagemagick -- several vulnerabilities

Source: CCN
Type: ImageMagick Web site
Introduction to ImageMagick

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0015

Source: CCN
Type: BID-22692
Imagemagick Image Index Array Remote Heap Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
libmagick-expandfilenames-bo(28203)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9481

Vulnerable Configuration:Configuration 1:
  • cpe:/a:imagemagick:imagemagick:6.0.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:imagemagick:imagemagick:6.2.4:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:9481
    V
    		Heap-based buffer overflow in the libMagick componet of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.
    2013-04-29
    oval:com.redhat.rhsa:def:20070015
    P
    		RHSA-2007:0015: ImageMagick security update (Moderate)
    2007-02-15
    oval:org.debian:def:1168
    V
    		several vulnerabilities
    2006-09-04
    BACK
    imagemagick imagemagick 6.0.6.2
    imagemagick imagemagick 6.2.4