CVE-2018-7470

Опубликовано: 25 фев. 2018

Источник: debian

EPSS Низкий

Описание

An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
imagemagick	fixed	8:6.9.9.39+dfsg-1		package

Примечания

https://github.com/ImageMagick/ImageMagick/issues/998
https://github.com/ImageMagick/ImageMagick/commit/9e80713e5132a3bd26702ee0a833306f7e801469
ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8130e12eb30685ef958f4e62fe624da393920be7
ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7305dacfcdf5e51c4f8d0ba9f77fa97792f8acf7
webp support not enabled, see #806425

EPSS

Процентиль: 48%

0.00252

Низкий

Связанные уязвимости

CVE-2018-7470

CVSS3: 6.5

ubuntu

почти 8 лет назад

An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.

CVE-2018-7470

CVSS3: 3.3

redhat

почти 8 лет назад

An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.

CVE-2018-7470

CVSS3: 6.5

nvd

почти 8 лет назад

An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.

GHSA-jvfx-qw69-pwg5

CVSS3: 6.5

github

больше 3 лет назад

An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.

openSUSE-SU-2018:0893-1

suse-cvrf

почти 8 лет назад

Security update for ImageMagick

EPSS

Процентиль: 48%

0.00252

Низкий