CVE-2016-5689

Опубликовано: 13 дек. 2016

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.

Ссылки

http://www.openwall.com/lists/oss-security/2016/06/14/5
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/17/3
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Third Party Advisory
http://www.securityfocus.com/bid/91283
Third Party Advisory
VDB Entry
https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html
https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog
Release Notes
Vendor Advisory
https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog
Release Notes
Vendor Advisory
https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
Exploit
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/06/14/5
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/17/3
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Third Party Advisory
http://www.securityfocus.com/bid/91283
Third Party Advisory
VDB Entry
https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html
https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog
Release Notes
Vendor Advisory
https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog
Release Notes
Vendor Advisory
https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Версия до 6.9.4-4 (включая)

cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*

cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*

cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*

cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*

cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*

cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:*

cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01978

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-476

Связанные уязвимости

CVE-2016-5689

CVSS3: 9.8

ubuntu

около 9 лет назад

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.

CVE-2016-5689

redhat

больше 9 лет назад

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.

CVE-2016-5689

CVSS3: 9.8

debian

около 9 лет назад

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 al ...

GHSA-f5g7-hcr2-c463

CVSS3: 9.8

github

больше 3 лет назад

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.

SUSE-SU-2016:1782-1

suse-cvrf

больше 9 лет назад

Security update for ImageMagick

EPSS

Процентиль: 83%

0.01978

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-476