Gentoo FoundationGLSA-200505-16ImageMagick, GraphicsMagick: Denial of Service vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
91.8%
Background
Both ImageMagick and GraphicsMagick are collection of tools to read, write and manipulate images in many formats.
Description
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a Denial of Service vulnerability in the XWD decoder of ImageMagick and GraphicsMagick when setting a color mask to zero.
Impact
A remote attacker could submit a specially crafted image to a user or an automated system making use of an affected utility, resulting in a Denial of Service by consumption of CPU time.
Workaround
There is no known workaround at this time.
Resolution
All ImageMagick users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.2.3"
All GraphicsMagick users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.1.6-r1"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | media-gfx/imagemagick | < 6.2.2.3 | UNKNOWN |
| Gentoo | any | all | media-gfx/graphicsmagick | < 1.1.6-r1 | UNKNOWN |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
91.8%