CVE-2006-2440

NameCVE-2006-2440
DescriptionHeap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1168-1
Debian Bugs345595

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
imagemagick (PTS)bullseye8:6.9.11.60+dfsg-1.3+deb11u4fixed
bullseye (security)8:6.9.11.60+dfsg-1.3+deb11u6fixed
bookworm8:6.9.11.60+dfsg-1.6+deb12u3fixed
bookworm (security)8:6.9.11.60+dfsg-1.6+deb12u4fixed
trixie8:7.1.1.43+dfsg1-1+deb13u1fixed
trixie (security)8:7.1.1.43+dfsg1-1+deb13u2fixed
forky, sid8:7.1.2.3+dfsg1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
imagemagicksourcesarge6:6.0.6.2-2.7DSA-1168-1
imagemagicksource(unstable)6:6.2.4.5-0.6345595
Search for package or bug name: Reporting problems