Описание
In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c.
Отчет
This issue did not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include the vulnerable code.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ImageMagick | Not affected | ||
| Red Hat Enterprise Linux 6 | ImageMagick | Not affected | ||
| Red Hat Enterprise Linux 7 | ImageMagick | Not affected | ||
| Red Hat Enterprise Linux 8 | ImageMagick | Will not fix |
Показывать по
10
Дополнительная информация
Статус:
Low
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1563889ImageMagick: Heap-based buffer over-read in coders/webp.c:IsWEBPImageLossless()
EPSS
Процентиль: 55%
0.00329
Низкий
3.3 Low
CVSS3
Связанные уязвимости
CVSS3: 8.8
ubuntu
почти 8 лет назад
In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c.
CVSS3: 8.8
nvd
почти 8 лет назад
In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c.
CVSS3: 8.8
debian
почти 8 лет назад
In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in ...
CVSS3: 8.8
github
больше 3 лет назад
In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c.
EPSS
Процентиль: 55%
0.00329
Низкий
3.3 Low
CVSS3