Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing <comment> tags before images are loaded. This can lead to a DoS attack due to assertion failure (debug builds) or NULL pointer dereference (release builds). This issue is fixed in version 14.10.2.
A flaw was found in ImageMagick. A remote attacker could exploit a NULL pointer dereference vulnerability in the Magick Scripting Language (MSL) parser. This occurs when processing tags before images are loaded. Successful exploitation can lead to a Denial of Service (DoS) attack, making the software unavailable.
Report
This vulnerability is rated Moderate for Red Hat products. A NULL pointer dereference flaw exists in ImageMagick's MSL parser when processing tags before image loading. This could allow an attacker to cause a Denial of Service (DoS) by providing a specially crafted image file. This affects ImageMagick versions 14.10.1 and below, as shipped in various Red Hat products including EPEL and Red Hat Enterprise Linux Extended Life Cycle Support (ELS) releases.
Mitigation
To mitigate this issue, users should avoid processing untrusted or specially crafted MSL (Magick Scripting Language) files with ImageMagick. Restricting the sources of MSL files and ensuring that ImageMagick only processes trusted input can reduce the risk of exploitation. If ImageMagick is used in an automated pipeline, consider implementing sandboxing mechanisms to limit the impact of potential denial-of-service attacks.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |
Additional information
Status:
6.5 Medium
CVSS3
Related vulnerabilities
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing <comment> tags before images are loaded. This can lead to a DoS attack due to assertion failure (debug builds) or NULL pointer dereference (release builds). This issue is fixed in version 14.10.2.
ImageMagick is free and open-source software used for editing and mani ...
ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load
6.5 Medium
CVSS3