CVE-2018-18023

Опубликовано: 07 окт. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.

Ссылки

https://github.com/ImageMagick/ImageMagick/issues/1336
Exploit
Issue Tracking
Patch
Third Party Advisory
https://usn.ubuntu.com/4034-1/
https://github.com/ImageMagick/ImageMagick/issues/1336
Exploit
Issue Tracking
Patch
Third Party Advisory
https://usn.ubuntu.com/4034-1/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:imagemagick:imagemagick:7.0.8-13:q16:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00377

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2018-18023

CVSS3: 6.5

ubuntu

больше 7 лет назад

In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.

CVE-2018-18023

CVSS3: 3.3

redhat

больше 7 лет назад

In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.

CVE-2018-18023

CVSS3: 6.5

debian

больше 7 лет назад

In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in ...

GHSA-4m78-fr6r-52pp

CVSS3: 6.5

github

больше 3 лет назад

In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.

EPSS

Процентиль: 59%

0.00377

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125