Описание
The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ImageMagick | Will not fix | ||
| Red Hat Enterprise Linux 6 | ImageMagick | Will not fix | ||
| Red Hat Enterprise Linux 7 | ImageMagick | Will not fix |
Показывать по
Дополнительная информация
Статус:
3.3 Low
CVSS3
Связанные уязвимости
The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.
The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.
The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has ...
The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.
Уязвимость функции TIFFSetProfiles компонента coders/tiff.c консольного графического редактора ImageMagick, связанная с использованием области памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании
3.3 Low
CVSS3