CVE-2015-8900

Опубликовано: 27 фев. 2017

Источник: debian

EPSS Низкий

Описание

The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
imagemagick	fixed	8:6.9.1.2-1	experimental	package
imagemagick	fixed	8:6.8.9.9-6		package
imagemagick	fixed	8:6.8.9.9-5+deb8u1	jessie	package
imagemagick	no-dsa		squeeze	package

Примечания

https://www.openwall.com/lists/oss-security/2015/02/20/4
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
http://web.archive.org/web/20150501030131/http://trac.imagemagick.org/changeset/17845
http://web.archive.org/web/20150429001241/http://trac.imagemagick.org/changeset/17846

EPSS

Процентиль: 45%

0.00222

Низкий

Связанные уязвимости

CVE-2015-8900

CVSS3: 5.5

ubuntu

почти 9 лет назад

The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.

CVE-2015-8900

redhat

почти 11 лет назад

The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.

CVE-2015-8900

CVSS3: 5.5

nvd

почти 9 лет назад

The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.

GHSA-xjpw-mc8f-p786

CVSS3: 5.5

github

больше 3 лет назад

The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.

openSUSE-SU-2016:1833-1

suse-cvrf

больше 9 лет назад

Security update for ImageMagick

EPSS

Процентиль: 45%

0.00222

Низкий