5.1

CVE-2006-0082

Exploit
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ImagemagickImagemagick Version6.2.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.34% 0.899
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://secunia.com/advisories/28800
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231321-1
http://www.vupen.com/english/advisories/2008/0412
Vendor Advisory
ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc
Patch
http://secunia.com/advisories/19183
Patch
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2006-0178.html
http://secunia.com/advisories/18261
Vendor Advisory
http://secunia.com/advisories/18607
Patch
Vendor Advisory
http://secunia.com/advisories/18871
Vendor Advisory
http://secunia.com/advisories/19408
Vendor Advisory
http://secunia.com/advisories/23090
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.341682
Patch
http://www.mandriva.com/security/advisories?name=MDKSA-2006:024
http://www.novell.com/linux/security/advisories/2006_06_sr.html
http://www.securityfocus.com/archive/1/452718/100/100/threaded
http://www.ubuntu.com/usn/usn-246-1
https://issues.rpath.com/browse/RPL-389
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876
Vendor Advisory
Exploit
http://secunia.com/advisories/18851
Patch
Vendor Advisory
http://secunia.com/advisories/19030
Patch
Vendor Advisory
http://secunia.com/advisories/22998
Vendor Advisory
http://securityreason.com/securityalert/500
http://securitytracker.com/id?1015623
http://www.debian.org/security/2006/dsa-1213
http://www.gentoo.org/security/en/glsa/glsa-200602-06.xml
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200602-13.xml
Patch
Vendor Advisory
http://www.securityfocus.com/bid/12717
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10717