Description
ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value.
It was discovered that ImageMagick does not properly release acquired memory when some error conditions occur in the function CLIListOperatorImages() and the compare option is used. An attacker could abuse this flaw by providing a specially crafted image and cause a Denial of Service by using all available memory.
Statement
This issue did not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 7 as they did not include the vulnerable code.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 3.3 Low
Related vulnerabilities
ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value.
Vulnerability in the CLIListOperatorImages() function (MagickWand/operation.c) of the ImageMagick command-line image editor that allows an attacker to cause a denial of service