Launchpad CVE tracker

CVE 2006-4144

Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.

Related bugs and status

CVE-2006-4144 (Candidate) is related to these bugs:

Bug #20599: imagemagick in combination with transcode fails (amd64)

Summary				In	Importance	Status
	20599	imagemagick in combination with transcode fails (amd64)		imagemagick (Ubuntu)	High	Fix Released
	20599	imagemagick in combination with transcode fails (amd64)		imagemagick (Debian)	Unknown	Fix Released

Bug #27767: Shell command injection in delegate code (via file names)

Summary				In	Importance	Status
	27767	Shell command injection in delegate code (via file names)		imagemagick (Ubuntu)	High	Fix Released
	27767	Shell command injection in delegate code (via file names)		imagemagick (Debian)	Unknown	Fix Released

Bug #27952: imagemagick: New format string vulnerability in SetImageInfo().

Summary				In	Importance	Status
	27952	imagemagick: New format string vulnerability in SetImageInfo().		imagemagick (Ubuntu)	High	Fix Released
	27952	imagemagick: New format string vulnerability in SetImageInfo().		imagemagick (Debian)	Unknown	Fix Released

Bug #28042: libmagick: array index overflow in DisplayImageCommand

Summary				In	Importance	Status
	28042	libmagick: array index overflow in DisplayImageCommand		imagemagick (Ubuntu)	High	Fix Released
	28042	libmagick: array index overflow in DisplayImageCommand		imagemagick (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2006-4144

References