4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.036 Low
EPSS
Percentile
91.5%
The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and
earlier does not use the proper variable type for the allocation size,
which might allow remote attackers to cause a denial of service (crash) via
a crafted PNG file that triggers incorrect memory allocation.
Author | Note |
---|---|
tyhicks | png_IM_malloc() in older releases |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | imagemagick | < 7:6.5.7.8-1ubuntu1.3 | UNKNOWN |
ubuntu | 11.04 | noarch | imagemagick | < 7:6.6.2.6-1ubuntu4.2 | UNKNOWN |
ubuntu | 11.10 | noarch | imagemagick | < 8:6.6.0.4-3ubuntu1.2 | UNKNOWN |
ubuntu | 12.04 | noarch | imagemagick | < 8:6.6.9.7-5ubuntu3.2 | UNKNOWN |