Veracode Vulnerability DatabaseVERACODE:3625Denial Of Service (DoS)
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
ImageMagick is vulnerable to denial of service (DoS) attacks. A malicious user can pass a malicious HDR file to the system to cause an infinite loop that can lead to the system running out of resources and crashing.
| CPE | Name | Operator | Version |
|---|---|---|---|
| imagemagick | le | 6.8.8-9 |
References
trac.imagemagick.org/changeset/17845
trac.imagemagick.org/changeset/17846
www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
www.openwall.com/lists/oss-security/2015/02/26/13
www.openwall.com/lists/oss-security/2016/06/06/2
bugzilla.redhat.com/show_bug.cgi?id=1195260
github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P