CVE - CVE-2006-5456

CVE-ID
CVE-2006-5456	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20061127 rPSA-2006-0218-1 ImageMagick URL:http://www.securityfocus.com/archive/1/452718/100/100/threaded BUGTRAQ:20070208 rPSA-2007-0029-1 ImageMagick URL:http://www.securityfocus.com/archive/1/459507/100/0/threaded CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210921 CONFIRM:http://packages.debian.org/changelogs/pool/main/g/graphicsmagick/graphicsmagick_1.1.7-9/changelog#versionversion1.1.7-9 CONFIRM:https://issues.rpath.com/browse/RPL-1034 CONFIRM:https://issues.rpath.com/browse/RPL-811 DEBIAN:DSA-1213 URL:http://www.debian.org/security/2006/dsa-1213 GENTOO:GLSA-200611-07 URL:http://security.gentoo.org/glsa/glsa-200611-07.xml GENTOO:GLSA-200611-19 URL:http://security.gentoo.org/glsa/glsa-200611-19.xml MANDRIVA:MDKSA-2006:193 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:193 MANDRIVA:MDKSA-2007:041 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:041 REDHAT:RHSA-2007:0015 URL:http://www.redhat.com/support/errata/RHSA-2007-0015.html SGI:20070201-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc SLACKWARE:SSA:2007-066-06 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.352092 SUSE:SUSE-SA:2006:066 URL:http://www.novell.com/linux/security/advisories/2006_66_imagemagick.html SUSE:SUSE-SR:2007:003 URL:http://www.novell.com/linux/security/advisories/2007_3_sr.html UBUNTU:USN-372-1 URL:http://www.ubuntu.com/usn/usn-372-1 UBUNTU:USN-422-1 URL:http://www.ubuntu.com/usn/usn-422-1 BID:20707 URL:http://www.securityfocus.com/bid/20707 OVAL:oval:org.mitre.oval:def:9765 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9765 VUPEN:ADV-2006-4170 URL:http://www.vupen.com/english/advisories/2006/4170 VUPEN:ADV-2006-4171 URL:http://www.vupen.com/english/advisories/2006/4171 OSVDB:29990 URL:http://www.osvdb.org/29990 SECUNIA:22569 URL:http://secunia.com/advisories/22569 SECUNIA:22572 URL:http://secunia.com/advisories/22572 SECUNIA:22604 URL:http://secunia.com/advisories/22604 SECUNIA:22601 URL:http://secunia.com/advisories/22601 SECUNIA:22819 URL:http://secunia.com/advisories/22819 SECUNIA:22834 URL:http://secunia.com/advisories/22834 SECUNIA:22998 URL:http://secunia.com/advisories/22998 SECUNIA:23121 URL:http://secunia.com/advisories/23121 SECUNIA:23090 URL:http://secunia.com/advisories/23090 SECUNIA:24186 URL:http://secunia.com/advisories/24186 SECUNIA:24196 URL:http://secunia.com/advisories/24196 SECUNIA:24458 URL:http://secunia.com/advisories/24458 SECUNIA:24284 URL:http://secunia.com/advisories/24284 XF:imagemagick-graphicsmagick-palm-bo(29816) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/29816
Assigning CNA
N/A
Date Entry Created
20061023	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061023)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.