Описание
A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.
A heap based buffer-overflow flaw was found in ImageMagick’s PushShortPixel function in quantum-private.h file. This vulnerability can be triggered by an attacker passing a specially crafted TIFF image file to ImageMagick for conversion, leading to a denial of service attack.
Отчет
Versions of ImageMagick shipped with Red Hat Enterprise Linux 6, 7 are not affected, as our code-base is a bit different than upstream. Also, vulnerable code is not present in our code-base. Red Hat Product Security has rated this issue as having a Moderate security impact. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Not affected | ||
| Red Hat Enterprise Linux 7 | ImageMagick | Not affected |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.
A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.
A heap-buffer-overflow flaw was found in ImageMagick\u2019s PushShortP ...
5.5 Medium
CVSS3