Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
A flaw was found in ImageMagick. A remote attacker could exploit this vulnerability by providing a specially crafted PCD (Picture CD) image file that lacks a valid Sync marker. This causes the DecodeImage() function to enter an infinite loop, leading to continuous CPU resource consumption and system resource exhaustion. The primary consequence is a denial of service (DoS), rendering the program unresponsive.
Отчет
This MODERATE impact denial of service flaw in ImageMagick allows a remote attacker to cause continuous CPU resource consumption and system resource exhaustion. This occurs when processing a specially crafted PCD image file that lacks a valid Sync marker. Red Hat Enterprise Linux 6 ELS and 7 ELS are affected.
Меры по смягчению последствий
To mitigate this vulnerability, restrict ImageMagick's ability to process untrusted PCD files. If PCD file support is not required, consider disabling the PCD coder in ImageMagick's policy.xml configuration file. Add to /etc/ImageMagick-X/policy.xml (where X is the ImageMagick version). A service restart or application reload may be required for the changes to take effect.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | ||
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
ImageMagick is free and open-source software used for editing and mani ...
ImageMagick: Infinite loop vulnerability when parsing a PCD file
EPSS
7.5 High
CVSS3