Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `<write>` command when writing to MSL format. Version 7.1.2-13 fixes the issue.
A flaw was found in ImageMagick. A local user could exploit this vulnerability by providing a specially crafted Magick Scripting Language (MSL) file. This file, when processed, could trigger infinite recursion within the `<write>` command, leading to a stack overflow. Successful exploitation results in a Denial of Service (DoS) condition, making the application unavailable.
Report
This vulnerability is rated Moderate for Red Hat products. It affects ImageMagick, where a stack overflow can occur due to infinite recursion when processing a specially crafted Magick Scripting Language (MSL) file. Exploitation requires an attacker to provide a malicious MSL file to a user or service that processes image files using ImageMagick in affected versions of Red Hat Enterprise Linux and Community Projects.
Mitigation
To mitigate this issue, restrict ImageMagick's ability to process Magick Scripting Language (MSL) files. This can be achieved by adding a policy entry to disable the MSL coder. Create or modify the ImageMagick policy file (e.g., `/etc/ImageMagick-7/policy.xml` or `/etc/ImageMagick/policy.xml`) to include the following line within the `<policymap>` tags:
After modifying the policy file, services or applications that use ImageMagick may need to be restarted for the changes to take effect. This may impact functionality that relies on processing MSL files.
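An added example, not part of the original advisory: a Python check that a policy file denies the MSL coder. The sample files are constructed; the entry `<policy domain="coder" rights="none" pattern="MSL" />` in them is ImageMagick's usual policy syntax for disabling a coder and is an assumption here, as are the function names. The check does not model evaluation order: any matching entry that grants rights is reported as a conflict.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed sample policy files (not taken from the advisory).
MITIGATED = '<policymap><policy domain="coder" rights="none" pattern="MSL" /></policymap>'
DEFAULT = '<policymap><policy domain="resource" name="memory" value="256MiB" /></policymap>'
ALLOWLIST = ('<policymap>'
             '<policy domain="coder" rights="none" pattern="*" />'
             '<policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG}" />'
             '</policymap>')
CONFLICT = ('<policymap>'
            '<policy domain="coder" rights="none" pattern="MSL" />'
            '<policy domain="coder" rights="read|write" pattern="{MSL,MVG}" />'
            '</policymap>')

def _alternatives(pattern):
    """Expand a whole-pattern brace list such as "{MSL,MVG}" into its members."""
    if pattern.startswith("{") and pattern.endswith("}"):
        return [p.strip() for p in pattern[1:-1].split(",")]
    return [pattern]

def _matches(pattern, coder):
    # Case-sensitive glob match (assumption: coder names are compared in upper case).
    return any(fnmatch.fnmatchcase(coder, alt) for alt in _alternatives(pattern))

def audit_policy(xml_text, coder="MSL"):
    """Return "blocked", "conflict" or "allowed" for `coder` in one policy file."""
    root = ET.fromstring(xml_text)
    if root.tag != "policymap":
        raise ValueError("root element is not <policymap>")
    denies = grants = 0
    for entry in root.iter("policy"):
        if entry.get("domain", "").lower() != "coder":
            continue  # resource, path, delegate ... entries do not affect coders
        if not _matches(entry.get("pattern", ""), coder):
            continue
        if entry.get("rights", "").strip().lower() == "none":
            denies += 1
        else:
            grants += 1  # any right granted to a matching pattern weakens the block
    if denies and not grants:
        return "blocked"
    return "conflict" if denies else "allowed"

if __name__ == "__main__":
    for name in ("MITIGATED", "DEFAULT", "ALLOWLIST", "CONFLICT"):
        print(name, audit_policy(globals()[name]))
```

A "conflict" or "allowed" result means the file needs manual review before relying on it as the mitigation.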
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |
Additional information
Status:
EPSS
5.5 Medium
CVSS3
Related vulnerabilities
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `<write>` command when writing to MSL format. Version 7.1.2-13 fixes the issue.
ImageMagick MSL: Stack overflow via infinite recursion in ProcessMSLScript
A vulnerability in the MSL (Magick Scripting Language) `<write>` command of the ImageMagick command-line image editor that allows an attacker to cause a denial of service