CVE-2006-4144

Description

Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.

How to fix CVE-2006-4144

To remediate CVE-2006-4144, upgrade the affected package to a fixed version below.

• Debian/graphicsmagick—upgrade to 1.1.7-7 or later
• Debian/imagemagick—upgrade to 7:6.2.4.5.dfsg1-0.10 or later

Is CVE-2006-4144 being exploited?

Moderate — EPSS is 19.1%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

• from 0, < 1.1.7-7
• from 0, < 7:6.2.4.5.dfsg1-0.10

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-4144