FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ImageMagick -- SGI Image File heap overflow vulnerability

Affected packages
6.0.0 <= ImageMagick < 6.2.9
6.0.0 <= ImageMagick-nox11 < 6.2.9

Details

VuXML ID: 18e3a5be-81f9-11db-95a2-0012f06707f0
Discovery: 2006-11-14
Entry: 2006-12-02

SecurityFocus reports about ImageMagick:

ImageMagick is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of applications that use the ImageMagick library.

References

Bugtraq ID: 21185
CVE Name: CVE-2006-5868
URL: http://www.securityfocus.com/bid/21185/discuss