Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue.
A flaw was found in ImageMagick. Processing a specially crafted TIFF file can cause a heap-based buffer overflow and result in a denial of service.
Report
To exploit this issue, an attacker needs to convince a user to process a crafted TIFF file with ImageMagick. Additionally, this vulnerability can cause a heap-based buffer overflow, but there is no evidence of memory corruption or code execution, limiting the impact to an application crash. For these reasons, this flaw has been rated with a low severity.
Mitigation
To mitigate this issue, avoid processing untrusted TIFF files with ImageMagick. In environments where ImageMagick processes files automatically, ensure that all input files originate from trusted sources or implement strict input validation to prevent the processing of malicious TIFF files.
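One way to implement the input validation described above in an automated pipeline, as an added example that is not part of the advisory: it detects TIFF input by content rather than by file extension and allows it only when the installed ImageMagick reports 7.1.1-14 or later. The function names and the sample banners are assumptions constructed for illustration.

```python
import re

# First fixed release named in the advisory.
FIXED = (7, 1, 1, 14)

# Classic TIFF and BigTIFF signatures, little- and big-endian.
TIFF_MAGICS = (b"II*\x00", b"MM\x00*", b"II+\x00", b"MM\x00+")

# Constructed sample banners in the style of `magick -version` output.
OLD_BANNER = "Version: ImageMagick 7.1.1-13 Q16-HDRI x86_64 https://imagemagick.org"
NEW_BANNER = "Version: ImageMagick 7.1.1-14 Q16-HDRI x86_64 https://imagemagick.org"


def is_tiff(header: bytes) -> bool:
    """Detect TIFF from the first four bytes; the file name is not trusted."""
    return header[:4] in TIFF_MAGICS


def parse_version(banner: str):
    """Return (major, minor, patch, build) from a version banner, or None."""
    m = re.search(r"ImageMagick (\d+)\.(\d+)\.(\d+)-(\d+)", banner)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def allow_processing(header: bytes, banner: str) -> bool:
    """Non-TIFF input passes this gate; TIFF passes only on a fixed build."""
    if not is_tiff(header):
        return True
    version = parse_version(banner)
    # An unparseable banner is treated as unfixed (fail closed).
    return version is not None and version >= FIXED


if __name__ == "__main__":
    upload = b"II*\x00\x08\x00\x00\x00"  # constructed little-endian TIFF header
    print(allow_processing(upload, OLD_BANNER))  # rejected on the older build
    print(allow_processing(upload, NEW_BANNER))  # accepted on the fixed build
```

In a real pipeline the header would be the first bytes read from the upload and the banner would come from the installed `magick -version` output.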
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |
Additional information
CVSS3: 3.3 Low