Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file will be affected. Version 7.1.2-12 fixes the issue.
A flaw was found in ImageMagick, free and open-source software used for editing and manipulating digital images. ImageMagick fails to check for circular references between two Magick Vector Graphics (MVG) files. A remote attacker could exploit this by providing a specially crafted MVG file, leading to a stack overflow and causing a Denial of Service (DoS) condition.
Statement
This vulnerability is rated Moderate for Red Hat products. The flaw in ImageMagick allows a denial of service via a stack overflow when processing specially crafted Magick Vector Graphics (MVG) files with circular references. Exploitation requires an attacker to provide a malicious MVG file to a system using ImageMagick.
Mitigation
To reduce the risk of exploitation, avoid processing untrusted Magick Vector Graphics (MVG) files with ImageMagick. For deployments where ImageMagick processes external or untrusted content, consider implementing sandboxing or resource limiting mechanisms to contain potential Denial of Service impacts.
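One way to apply the mitigation above where the fixed version cannot be deployed yet, shown as an added example that is not part of the advisory: an ImageMagick policy.xml fragment that denies the MVG coder and sets resource ceilings. The limit values are constructed, and the fragment assumes the service has no legitimate need for MVG input.

```xml
<!-- Added example: policy.xml fragment. Values are constructed; adjust to the deployment. -->
<policymap>
  <!-- Refuse the MVG coder entirely, so untrusted MVG input is rejected
       instead of being parsed. Assumes MVG is not needed by the service. -->
  <policy domain="coder" rights="none" pattern="MVG" />

  <!-- Resource ceilings (constructed values). They bound the time, memory and
       disk a hostile file can consume; they are containment, not a substitute
       for upgrading to 7.1.2-12. -->
  <policy domain="resource" name="time" value="30" />
  <policy domain="resource" name="memory" value="256MiB" />
  <policy domain="resource" name="map" value="512MiB" />
  <policy domain="resource" name="disk" value="1GiB" />
</policymap>
```

The policy file location depends on the build; `magick -list policy` (`convert -list policy` on ImageMagick 6) prints the path and the rules actually loaded. Re-test the formats the service does rely on after changing coder rules.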
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |
Additional information
Status:
EPSS
CVSS3: 4 Medium
Related vulnerabilities
ImageMagick's failure to limit MVG mutual causes Stack Overflow
A vulnerability in the ImageMagick command-line image editor, related to uncontrolled recursion, that allows an attacker to cause a denial of service