Veracode Vulnerability DatabaseVERACODE:43015Denial Of Service (DoS)
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
0.001 Low
EPSS
Percentile
35.0%
imagemagick is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists due to a flaw in the way the identify command handles certain image files. A remote attacker can exploit this vulnerability to cause the ImageMagick process to leak memory, which could eventually lead to a denial of service attack.
References
github.com/ImageMagick/ImageMagick/issues/2889
lists.debian.org/debian-lts-announce/2024/03/msg00020.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LICYTADFJAFPZW3Y2MKNCJIUYODPAG4L/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAULDP3GG5KI3XITQ5XSMRSILCBZS2VK/
security-tracker.debian.org/tracker/CVE-2022-48541
Related
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
0.001 Low
EPSS
Percentile
35.0%