6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.005 Low
EPSS
Percentile
74.9%
libGraphicsMagick.so is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists due to a divide-by-zero error in the ReadMNGImage
function of png.c
which allows an attacker to cause an application crash via a crafted mng file.
CPE | Name | Operator | Version |
---|---|---|---|
libgraphicsmagick.so | le | 3.17.0 | |
libgraphicsmagick.so | le | 3.17.0 |
www.securityfocus.com/bid/103526
bugzilla.suse.com/show_bug.cgi?id=1086773
github.com/kstep/graphicsmagick/blob/master/coders/png.c#L3521
lists.debian.org/debian-lts-announce/2018/03/msg00025.html
lists.debian.org/debian-lts-announce/2018/08/msg00002.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3IYH7QSNXXOIDFTYLY455ANZ3JWQ7FCS/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FS76VNCFL3FVRMGXQEMHBOKA7EE46BTS/
sourceforge.net/p/graphicsmagick/bugs/554/
sourceforge.net/p/graphicsmagick/code/ci/84040fada1eeea62b956bc90d8e67430927c4d90/
www.debian.org/security/2018/dsa-4321
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.005 Low
EPSS
Percentile
74.9%