OpenCVE

Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Graphicsmagick	Graphicsmagick
Imagemagick	Imagemagick
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:graphicsmagick:graphicsmagick:1.0:::::::*
	cpe:2.3:a:graphicsmagick:graphicsmagick:1.0.6:::::::*
	cpe:2.3:a:graphicsmagick:graphicsmagick:1.1:::::::*
	cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.3:::::::*
	cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.4:::::::*
	cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.5:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.0:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.0.1:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.0.2:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.0.2.5:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.0.3:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.0.4:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.0.5:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.0.6:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.0.7:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.0.8:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.1:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.1.1.6:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.1.2:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.1.3:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.1.4:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.1.5:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.1.6:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.1.7:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.1.8:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.2:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.2.0.4:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.2.0.7:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.2.1:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 3
ImageMagick-0:5.5.6-14	cpe:/o:redhat:enterprise_linux:3	RHSA-2005:413	2005-05-25T00:00:00Z
Red Hat Enterprise Linux 4
ImageMagick-0:6.0.7.1-11	cpe:/o:redhat:enterprise_linux:4	RHSA-2005:413	2005-05-25T00:00:00Z

References

Link	Providers
http://bugs.gentoo.org/show_bug.cgi?id=90423
http://seclists.org/lists/bugtraq/2005/Apr/0407.html
http://www.imagemagick.org/script/changelog.php
http://www.mandriva.com/security/advisories?name=MDKSA-2005:107
http://www.overflow.pl/adv/imheapoverflow.txt
http://www.redhat.com/support/errata/RHSA-2005-413.html
http://www.securityfocus.com/bid/13351
https://nvd.nist.gov/vuln/detail/CVE-2005-1275
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10003
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A711
https://www.cve.org/CVERecord?id=CVE-2005-1275

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2005-04-26T04:00:00

Updated: 2024-08-07T21:44:05.737Z

Reserved: 2005-04-26T00:00:00

Link: CVE-2005-1275

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-04-25T04:00:00.000

Modified: 2017-10-11T01:30:06.733

Link: CVE-2005-1275

Redhat

Severity : Important

Publid Date: 2005-04-24T00:00:00Z

Links: CVE-2005-1275 - Bugzilla

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object