Описание
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
A vulnerability was found in ImageMagick that is triggered when the software parses a PNG image containing a single dash (-) in the filename. To remotely exploit this bug, an attacker can upload a malicious PNG with a text chunk that adds a single dash in the name to any site using ImageMagick. The site would then parse the image, and ImageMagick would interpret the text string as the filename, loading the content as a raw profile. If this text string contains a single dash, the program would then try to read content from the standard input, potentially leaving the conversion process waiting infinitely, causing a denial of service.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | ||
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parse ...
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
Уязвимость графического редактора ImageMagick, связанная с ошибками управления ресурсом, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.5 High
CVSS3