Detections
Analytics

CVE-2006-2440

high

Description

Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9481

http://www.redhat.com/support/errata/RHSA-2007-0015.html

http://www.debian.org/security/2006/dsa-1168

http://secunia.com/advisories/24284

http://secunia.com/advisories/24186

http://secunia.com/advisories/21719

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595

Details

Source: Mitre, NVD

Published: 2006-05-18

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.0183