CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
83.2%
Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.
Vendor | Product | Version | CPE |
---|---|---|---|
imagemagick | imagemagick | * | cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* |
imagemagick | imagemagick | 7.0.1-0 | cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:* |
imagemagick | imagemagick | 7.0.1-1 | cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:* |
imagemagick | imagemagick | 7.0.1-2 | cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:* |
imagemagick | imagemagick | 7.0.1-3 | cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:* |
imagemagick | imagemagick | 7.0.1-4 | cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:* |
imagemagick | imagemagick | 7.0.1-5 | cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:* |
imagemagick | imagemagick | 7.0.1-6 | cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:*:*:*:*:*:*:* |
imagemagick | imagemagick | 7.0.1-7 | cpe:2.3:a:imagemagick:imagemagick:7.0.1-7:*:*:*:*:*:*:* |
imagemagick | imagemagick | 7.0.1-8 | cpe:2.3:a:imagemagick:imagemagick:7.0.1-8:*:*:*:*:*:*:* |
www.openwall.com/lists/oss-security/2016/07/28/13
www.openwall.com/lists/oss-security/2016/07/28/15
www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
www.securityfocus.com/bid/92186
www.securitytracker.com/id/1036501
github.com/ImageMagick/ImageMagick/blob/6.9.5-4/ChangeLog
github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b
security.gentoo.org/glsa/201611-21
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
83.2%