Vulnerability Details : CVE-2006-2440
Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2006-2440
Probability of exploitation activity in the next 30 days: 1.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2006-2440
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
[email protected] |
Vendor statements for CVE-2006-2440
-
Red Hat 2006-09-19Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192278 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3.
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9481
- http://www.debian.org/security/2006/dsa-1168
- http://www.redhat.com/support/errata/RHSA-2007-0015.html
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595
Patch
- ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
- cpe:2.3:a:imagemagick:imagemagick:6.0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.2.4:*:*:*:*:*:*:*