CVE-2006-5456

GraphicsMagick < 1.1.7 - Buffer Overflow in DCM and PALM Image Parsing

Title source: llm

Description

Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.

References (37)

Core 37

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/24196

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/4170

Various Sources x_refsource_confirm

http://packages.debian.org/changelogs/pool/main/g/graphicsmagick/graphicsmagick_1.1.7-9/changelog#versionversion1.1.7-9

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22572

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200611-07.xml

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22601

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/24458

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/452718/100/100/threaded

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22834

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9765

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/29816

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23090

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/24284

Issue Tracking x_refsource_confirm

https://issues.rpath.com/browse/RPL-1034

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2006_66_imagemagick.html

Vendor Advisory vendor-advisory x_refsource_slackware

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.352092

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22819

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22604

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2007_3_sr.html

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-422-1

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/459507/100/0/threaded

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200611-19.xml

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/20707

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23121

Issue Tracking x_refsource_confirm

https://issues.rpath.com/browse/RPL-811

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2007-0015.html

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/4171

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22998

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/24186

Vendor Advisory vendor-advisory x_refsource_sgi

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2006/dsa-1213

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/29990

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-372-1

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22569

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2006:193

Patch x_refsource_confirm

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210921

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2007:041

Scores

EPSS 0.0085

EPSS Percentile 75.1%

Details

CWE

CWE-119

Status published

Products (8)

graphicsmagick/graphicsmagick 1.0

graphicsmagick/graphicsmagick 1.0.6

graphicsmagick/graphicsmagick 1.1

graphicsmagick/graphicsmagick 1.1.3

graphicsmagick/graphicsmagick 1.1.4

graphicsmagick/graphicsmagick 1.1.5

graphicsmagick/graphicsmagick < 1.1.6

imagemagick/imagemagick 6.0.7

Published Oct 23, 2006

Tracked Since Feb 18, 2026