Veracode Vulnerability Database: VERACODE:22817
Mar 27, 2020 - 1:03 p.m.

Denial Of Service (DoS)

2020-03-27 13:03:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
imagemagick
vulnerability
memory leaks
denial of service
heap-based buffer over-read
malicious image file

EPSS: 0.049
Percentile: 92.9%

ImageMagick is vulnerable to denial of service (DoS). The vulnerability exists because the function WriteTIFFImage in coders/tiff.c causes memory leaks in AcquireMagickMemory, allowing an attacker to supply a malicious image file that triggers a heap-based buffer over-read.

Affected configurations

Vulners node
inkscape inkscape Match 0.92.2_2.el7
OR
imagemagick imagemagick Match 6.7.8.9_16.el7_6
OR
imagemagick imagemagick Match 6.7.8.9_18.el7
OR
imagemagick imagemagick Match 6.7.8.9_15.el7_2
OR
- autotrace Match 0.31.1_37.el7
OR
emacs Match 24.3_22.el7
OR
emacs Match 24.3_20.el7_4
OR
- imagemagick6 Match 6.9.10.39-r0
OR
- imagemagick\:bullseye Match 8\:6.9.11.24+dfsg-1+b2
OR
- imagemagick\:sid Match 8\:6.9.11.24+dfsg-1+b2
OR
- imagemagick\:stretch Match 8\:6.9.7.4+dfsg-11+deb9u8
OR
imagemagick imagemagick Range ≤6.8.8-9

| Vendor | Product | Version | CPE |
|---|---|---|---|
| inkscape | inkscape | 0.92.2_2.el7 | cpe:2.3:a:inkscape:inkscape:0.92.2_2.el7:*:*:*:*:*:*:* |
| imagemagick | imagemagick | 6.7.8.9_16.el7_6 | cpe:2.3:a:imagemagick:imagemagick:6.7.8.9_16.el7_6:*:*:*:*:*:*:* |
| imagemagick | imagemagick | 6.7.8.9_18.el7 | cpe:2.3:a:imagemagick:imagemagick:6.7.8.9_18.el7:*:*:*:*:*:*:* |
| imagemagick | imagemagick | 6.7.8.9_15.el7_2 | cpe:2.3:a:imagemagick:imagemagick:6.7.8.9_15.el7_2:*:*:*:*:*:*:* |
| - | autotrace | 0.31.1_37.el7 | cpe:2.3:a:-:autotrace:0.31.1_37.el7:*:*:*:*:*:*:* |
| * | emacs | 24.3_22.el7 | cpe:2.3:a:*:emacs:24.3_22.el7:*:*:*:*:*:*:* |
| * | emacs | 24.3_20.el7_4 | cpe:2.3:a:*:emacs:24.3_20.el7_4:*:*:*:*:*:*:* |
| - | imagemagick6 | 6.9.10.39-r0 | cpe:2.3:a:-:imagemagick6:6.9.10.39-r0:*:*:*:*:*:*:* |
| - | imagemagick\:bullseye | 8\:6.9.11.24+dfsg-1+b2 | cpe:2.3:a:-:imagemagick\:bullseye:8\:6.9.11.24+dfsg-1+b2:*:*:*:*:*:*:* |
| - | imagemagick\:sid | 8\:6.9.11.24+dfsg-1+b2 | cpe:2.3:a:-:imagemagick\:sid:8\:6.9.11.24+dfsg-1+b2:*:*:*:*:*:*:* |