Description
A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.
A flaw was found in ImageMagick. It is susceptible to a Missing Release of Memory after Effective Lifetime vulnerability that is triggered by the 'identify -help' command. This issue could allow an attacker to initiate a denial of service attack by inducing a memory leak.
Report
The identified flaw in ImageMagick, a "Missing Release of Memory" vulnerability triggered by the 'identify -help' command, carries a moderate severity rating due to its potential impact on system stability and resource consumption. While the vulnerability could lead to a denial of service condition by inducing memory leaks, its exploitation requires specific user interaction with the affected command. Furthermore, successful exploitation does not inherently grant unauthorized access or execution of arbitrary code. However, in scenarios where the affected command is publicly accessible or invoked frequently, such as in web applications processing user-uploaded images, the risk of exploitation and the consequent disruption to service availability increases.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |
Additional information
Status:
CVSS3: 7.1 High
Related vulnerabilities
A vulnerability in the "identify -help" command of the ImageMagick command-line image editor, related to improper release of memory before removal of the last reference, which allows an attacker to compromise data integrity and cause a denial of service