CVE-2006-3744

Description

Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows.

How to fix CVE-2006-3744

To remediate CVE-2006-3744, upgrade the affected package to a fixed version below.

• Debian/graphicsmagick—upgrade to 1.1.7-7 or later
• Debian/imagemagick—upgrade to 7:6.2.4.5.dfsg1-0.10 or later

Is CVE-2006-3744 being exploited?

Low — EPSS is 2.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 1.1.7-7
• from 0, < 7:6.2.4.5.dfsg1-0.10

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-3744