CVE - CVE-2006-0082

CVE-ID
CVE-2006-0082	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:12717 URL:http://www.securityfocus.com/bid/12717 BUGTRAQ:20061127 rPSA-2006-0218-1 ImageMagick URL:http://www.securityfocus.com/archive/1/452718/100/100/threaded CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876 CONFIRM:https://issues.rpath.com/browse/RPL-389 DEBIAN:DSA-1213 URL:http://www.debian.org/security/2006/dsa-1213 GENTOO:GLSA-200602-06 URL:http://www.gentoo.org/security/en/glsa/glsa-200602-06.xml GENTOO:GLSA-200602-13.xml URL:http://www.gentoo.org/security/en/glsa/glsa-200602-13.xml MANDRIVA:MDKSA-2006:024 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:024~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:10717 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10717 REDHAT:RHSA-2006:0178 URL:http://rhn.redhat.com/errata/RHSA-2006-0178.html SECTRACK:1015623 URL:http://securitytracker.com/id?1015623 SECUNIA:18261 URL:http://secunia.com/advisories/18261 SECUNIA:18607 URL:http://secunia.com/advisories/18607 SECUNIA:18851 URL:http://secunia.com/advisories/18851 SECUNIA:18871 URL:http://secunia.com/advisories/18871 SECUNIA:19030 URL:http://secunia.com/advisories/19030 SECUNIA:19183 URL:http://secunia.com/advisories/19183 SECUNIA:19408 URL:http://secunia.com/advisories/19408 SECUNIA:22998 URL:http://secunia.com/advisories/22998 SECUNIA:23090 URL:http://secunia.com/advisories/23090 SECUNIA:28800 URL:http://secunia.com/advisories/28800 SGI:20060301-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc SLACKWARE:SSA:2006-045-03 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.341682 SREASON:500 URL:http://securityreason.com/securityalert/500 SUNALERT:231321 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-231321-1~~ (Obsolete source) SUSE:SUSE-SR:2006:006 URL:http://www.novell.com/linux/security/advisories/2006_06_sr.html UBUNTU:USN-246-1 URL:http://www.ubuntu.com/usn/usn-246-1 VUPEN:ADV-2008-0412 URL:~~http://www.vupen.com/english/advisories/2008/0412~~ (Obsolete source)
Assigning CNA
Debian GNU/Linux
Date Record Created
20060104	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060104)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)