Veracode Vulnerability DatabaseVERACODE:3952Denial Of Service (DoS)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
ImageMagick is vulnerable to denial of service (DoS) attacks. A malicious user can pass a WPG file to the system to cause an out-of-bounds read in the ExtractPostscript function, crashing the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| imagemagick | le | 6.8.8-9 |
References
www.openwall.com/lists/oss-security/2016/09/22/2
www.securityfocus.com/bid/93220
bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542115
bugzilla.redhat.com/show_bug.cgi?id=1378759
github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41
github.com/ImageMagick/ImageMagick/commit/b3dd69b23e9338806891c708a0cc8a82c0d1872a
github.com/ImageMagick/ImageMagick/issues/122
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P