CVE-2006-2440
ImageMagick 6.0.6.2 - Heap-Based Buffer Overflow in ExpandFilenames Function
Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.
References (8)
Third Party Advisory, VDB Entry (vdb-entry, signature, x_refsource_oval): https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9481
Patch (x_refsource_confirm): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2006/dsa-1168
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/24284
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/21719
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://www.redhat.com/support/errata/RHSA-2007-0015.html
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/24186
Vendor Advisory (vendor-advisory, x_refsource_sgi): ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
Scores
EPSS: 0.0183
EPSS Percentile: 83.2%
Details
Status: published
Products (2):
imagemagick/imagemagick 6.0.6.2
imagemagick/imagemagick 6.2.4
Published: May 18, 2006
Tracked Since: Feb 18, 2026