CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.014 Low
Percentile: 86.4%

Multiple vulnerabilities have been discovered in ImageMagick.

ImageMagick before 6.3.5-9 allows context-dependent attackers
to cause a denial of service via a crafted image file that
triggers (1) an infinite loop in the ReadDCMImage function,
related to ReadBlobByte function calls; or (2) an infinite
loop in the ReadXCFImage function, related to ReadBlobMSBLong
function calls.

Multiple integer overflows in ImageMagick before 6.3.5-9
allow context-dependent attackers to execute arbitrary code
via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5)
.xwd image file, which triggers a heap-based buffer overflow.

Off-by-one error in the ReadBlobString function in blob.c in
ImageMagick before 6.3.5-9 allows context-dependent attackers
to execute arbitrary code via a crafted image file, which
triggers the writing of a '\0' character to an out-of-bounds
address.

Sign extension error in the ReadDIBImage function in
ImageMagick before 6.3.5-9 allows context-dependent attackers
to execute arbitrary code via a crafted width value in an
image file, which triggers an integer overflow and a
heap-based buffer overflow.
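
The sign-extension and integer-overflow classes described above, shown as an added defensive example in C; this is not ImageMagick's code. All names here (read_le32, widen_signed, unchecked_size32, pixel_buffer_size, MAX_DIM) and the sample header bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DIM 65535u  /* assumed sanity limit, not a value from the advisory */

/* Constructed sample: a little-endian 32-bit width field with the top bit set. */
static const unsigned char crafted_width[4] = {0x01, 0x00, 0x00, 0x80};

/* Decode the field as unsigned; each byte is widened before shifting. */
static uint32_t read_le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Bug class 1 (sign extension): a width held in a signed type turns
   negative when the top bit is set and widens to an enormous size_t. */
static size_t widen_signed(int32_t width) { return (size_t)width; }

/* Bug class 2 (integer overflow): the product wraps modulo 2^32, so the
   allocation is far smaller than the pixel data later written into it. */
static uint32_t unchecked_size32(uint32_t w, uint32_t h, uint32_t bpp) {
    return w * h * bpp;
}

/* Hardened form: reject zero or oversized dimensions and verify every
   multiplication before it happens. Returns 0 and sets *out, or -1. */
static int pixel_buffer_size(uint32_t w, uint32_t h, uint32_t bpp, size_t *out) {
    size_t row;
    if (w == 0 || h == 0 || bpp == 0) return -1;
    if (w > MAX_DIM || h > MAX_DIM) return -1;
    if (w > SIZE_MAX / bpp) return -1;
    row = (size_t)w * bpp;
    if (h > SIZE_MAX / row) return -1;
    *out = row * h;
    return 0;
}

int main(void) {
    size_t n = 0;
    uint32_t w = read_le32(crafted_width);
    printf("sign-extended -1 as size_t: %zu\n", widen_signed(-1));
    printf("unchecked 65536x65536x4: %u bytes\n", unchecked_size32(65536u, 65536u, 4u));
    printf("crafted width 0x%08x accepted: %s\n", (unsigned)w,
           pixel_buffer_size(w, 1, 4, &n) == 0 ? "yes" : "no");
    if (pixel_buffer_size(640, 480, 4, &n) == 0) printf("640x480x4: %zu bytes\n", n);
    return 0;
}
```
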
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | imagemagick | < 6.3.5.9 | UNKNOWN |
FreeBSD | any | noarch | imagemagick-nox11 | < 6.3.5.9 | UNKNOWN |