CVE-2006-2440
imagemagick
EPSS 1.8%
Description
Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.
How to fix CVE-2006-2440
To remediate CVE-2006-2440, upgrade the affected package to one of the fixed versions listed below.
- Debian/imagemagick: upgrade to 6:6.2.4.5-0.6 or later
- Debian/imagemagick: upgrade to 6:6.0.6.2-2.7 or later
Is CVE-2006-2440 being exploited?
Low — EPSS is 1.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 6:6.2.4.5-0.6
- from 0, < 6:6.0.6.2-2.7