exploitDog

CVE-2025-69204

Published: 30 Dec 2025
Source: redhat
CVSS3: 5.3

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue.

A flaw was found in ImageMagick, free and open-source software used for editing and manipulating digital images. A remote attacker can exploit this vulnerability by providing a specially crafted SVG (Scalable Vector Graphics) image. An integer overflow occurs in the WriteSVGImage function when storing number_attributes, which subsequently triggers a buffer overflow. This can lead to a Denial of Service (DoS) attack, making the software unavailable.

Statement

This vulnerability is rated Moderate for Red Hat products as it can lead to a Denial of Service in ImageMagick. A remote attacker can exploit this flaw by providing a specially crafted SVG image, triggering an integer overflow and subsequent buffer overflow during image processing. This can render the ImageMagick software unavailable.

Mitigation

To mitigate this issue, users should avoid processing untrusted SVG images with ImageMagick. If processing untrusted content is unavoidable, consider isolating ImageMagick operations within a sandboxed environment to limit potential impact.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |

Additional information

Status: Moderate
Defect: CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2426294 ImageMagick: ImageMagick: Denial of Service via integer overflow in SVG image processing

5.3 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.3
ubuntu
3 months ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue.

CVSS3: 5.3
nvd
3 months ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue.

CVSS3: 5.3
debian
3 months ago

ImageMagick is free and open-source software used for editing and mani ...

CVSS3: 5.3
fstec
3 months ago

Vulnerability in the WriteSVGImage function of the ImageMagick console graphics editor that allows an attacker to cause a denial of service

suse-cvrf
3 months ago

Security update for ImageMagick
