← back
CVE-2006-0082

CVE-2006-0082

EPSS 4.3%
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.aschttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876http://rhn.redhat.com/errata/RHSA-2006-0178.htmlhttp://secunia.com/advisories/18261http://secunia.com/advisories/18607http://secunia.com/advisories/18851http://secunia.com/advisories/18871http://secunia.com/advisories/19030http://secunia.com/advisories/19183http://secunia.com/advisories/19408http://secunia.com/advisories/22998http://secunia.com/advisories/23090