CVE-2006-2440

Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.

Published: May 18, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-2440
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
imagemagick / imagemagick	6.0.6.2	6.0.6.2.x
imagemagick / imagemagick	6.2.4	6.2.4.x

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595
http://secunia.com/advisories/21719
http://secunia.com/advisories/24186
http://secunia.com/advisories/24284
http://www.debian.org/security/2006/dsa-1168
http://www.redhat.com/support/errata/RHSA-2007-0015.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9481

Vulnerability Database

289,599

CVE-2006-2440