Vulnerability Description
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ImageMagick | ImageMagick | 6.2.3 |
Related Weaknesses (CWE)
References
- ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc (Patch)
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876 (Exploit, Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2006-0178.html
- http://secunia.com/advisories/18261 (Vendor Advisory)
- http://secunia.com/advisories/18607 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18851 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18871 (Vendor Advisory)
- http://secunia.com/advisories/19030 (Patch, Vendor Advisory)
- http://secunia.com/advisories/19183 (Patch, Vendor Advisory)
- http://secunia.com/advisories/19408 (Vendor Advisory)
- http://secunia.com/advisories/22998 (Vendor Advisory)
- http://secunia.com/advisories/23090 (Vendor Advisory)
- http://secunia.com/advisories/28800 (Vendor Advisory)
- http://securityreason.com/securityalert/500
- http://securitytracker.com/id?1015623
FAQ
What is CVE-2006-0082?
CVE-2006-0082 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) an...
How severe is CVE-2006-0082?
CVE-2006-0082 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-0082?
Check the references section above for vendor advisories and patch information. Affected products include: ImageMagick ImageMagick.