Bug 177093 - VUL-0: imagemagick buffer overflow
VUL-0: imagemagick buffer overflow
Status: RESOLVED DUPLICATE of bug 141390
Classification: openSUSE
Product: SUSE Linux 10.1
Classification: openSUSE
Component: Basesystem
Final
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Vladimir Nadvornik
E-mail List
CVE-2006-2440: CVSS v2 Base Score: 7....
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-05-19 09:14 UTC by Marcus Meissner
Modified: 2009-10-13 21:59 UTC (History)
1 user (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2006-05-19 09:14:29 UTC
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2440

Heap-based buffer overflow in the libMagick componet of ImageMagick
6.0.6.2 might allow attackers to execute arbitrary code via an image
index array that triggers the overflow during filename glob expansion
by the ExpandFilenames function.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595

(if this can only be triggered locally, stable fix is sufficient).
Comment 1 Vladimir Nadvornik 2006-05-19 09:38:57 UTC
We already have this patch, under name ImageMagick-6.2.5-arg-expansion.patch.
It was added togeter with fix for bug #141390

*** This bug has been marked as a duplicate of 141390 ***
Comment 2 Thomas Biege 2009-10-13 21:59:53 UTC
CVE-2006-2440: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)