CVE-2006-5456 — MEDIUM (5.1)

Q: How severe is CVE-2006-5456?

CVE-2006-5456 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-5456?

Check the references section above for vendor advisories and patch information. Affected products include: Graphicsmagick Graphicsmagick, Imagemagick Imagemagick.

Vulnerability Description

Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.

CVSS Score

5.1

MEDIUM

AV:N/AC:H/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Graphicsmagick	Graphicsmagick	<= 1.1.6
Imagemagick	Imagemagick	6.0.7

Related Weaknesses (CWE)

CWE-119

References

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://packages.debian.org/changelogs/pool/main/g/graphicsmagick/graphicsmagick_
http://secunia.com/advisories/22569Vendor Advisory
http://secunia.com/advisories/22572Vendor Advisory
http://secunia.com/advisories/22601Vendor Advisory
http://secunia.com/advisories/22604Vendor Advisory
http://secunia.com/advisories/22819Vendor Advisory
http://secunia.com/advisories/22834Vendor Advisory
http://secunia.com/advisories/22998Vendor Advisory
http://secunia.com/advisories/23090Vendor Advisory
http://secunia.com/advisories/23121Vendor Advisory
http://secunia.com/advisories/24186Vendor Advisory
http://secunia.com/advisories/24196Vendor Advisory
http://secunia.com/advisories/24284Vendor Advisory
http://secunia.com/advisories/24458Vendor Advisory

FAQ

What is CVE-2006-5456?

CVE-2006-5456 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that i...

How severe is CVE-2006-5456?

CVE-2006-5456 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-5456?

Check the references section above for vendor advisories and patch information. Affected products include: Graphicsmagick Graphicsmagick, Imagemagick Imagemagick.