CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
74.5%
In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks
offset validation, which allows attackers to cause a denial of service
(load_tile memory exhaustion) via a crafted file.
Author | Note |
---|---|
mdeslaur | 0291-CVE-2017-13133-Fix-offset-validation-vulnerability-in-load_level-in-xcf.c.patch in wheezy the commit for this issue causes a regression in xcf image loading. See https://github.com/ImageMagick/ImageMagick/issues/697 the whole fix was reverted in: https://github.com/ImageMagick/ImageMagick/commit/a079c4a36f3a29912bd6ee4ea997622fabbcc189 there is no further fix for this issue. Marking as ignored. |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
74.5%