Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed. Version 7.1.2-15 contains a patch.
A flaw was found in ImageMagick. A remote attacker can exploit a memory leak in the ASHLAR image writer by providing a specially crafted image. This vulnerability causes small objects to be allocated but never freed, leading to the exhaustion of process memory and a Denial of Service (DoS).
Report
The impact of this flaw is MODERATE. A memory leak in the ASHLAR image writer component of ImageMagick can be triggered by processing a specially crafted image. This could lead to resource exhaustion and denial of service. This affects Red Hat Enterprise Linux 6 ELS and 7 ELS.
Mitigation
To mitigate this issue, restrict ImageMagick's processing of untrusted or unverified image files. Where possible, process images from unverified sources within a sandboxed environment to contain potential resource exhaustion. Additionally, ensure that applications utilizing ImageMagick implement robust input validation for all image inputs.
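One way to apply the containment described above, as an added example that is not part of the original advisory or of ImageMagick: the conversion runs in a child process with an address-space ceiling, a CPU limit and a wall-clock timeout, and the output name is checked so the ASHLAR writer cannot be selected. The limit values, the extension allow-list, the function names and the `magick` command name are assumptions (ImageMagick 6 installs use `convert`); it requires a POSIX system.

```python
import os
import resource
import subprocess

# Assumed values for illustration; tune them to the real workload.
MEM_LIMIT_BYTES = 512 * 1024 * 1024      # address-space ceiling for the child
CPU_LIMIT_SECONDS = 20
WALL_TIMEOUT_SECONDS = 30
ALLOWED_OUTPUT_EXTS = {".png", ".jpg", ".jpeg", ".webp"}   # ASHLAR is not listed


def output_is_allowed(path):
    """Accept only output names with an allow-listed extension and no prefix.

    ImageMagick picks the writer from a "format:" prefix or from the file
    extension, so both "ashlar:out.png" and "out.ashlar" must be rejected.
    """
    if ":" in path:
        return False
    ext = os.path.splitext(os.path.basename(path))[1].lower()
    return ext in ALLOWED_OUTPUT_EXTS


def _apply_limits():
    # Runs in the child just before exec: a leak hits this ceiling, not the host.
    resource.setrlimit(resource.RLIMIT_AS, (MEM_LIMIT_BYTES, MEM_LIMIT_BYTES))
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_LIMIT_SECONDS, CPU_LIMIT_SECONDS))


def run_limited(argv):
    """Run argv under the limits; return its exit code, or None on timeout."""
    try:
        proc = subprocess.run(argv, preexec_fn=_apply_limits,
                              timeout=WALL_TIMEOUT_SECONDS,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        return None
    return proc.returncode


def convert_untrusted(src, dst, magick="magick"):
    """Convert src to dst in a limited child; True only on a clean exit."""
    if not output_is_allowed(dst):
        raise ValueError("output format not allowed: %r" % dst)
    return run_limited([magick, src, dst]) == 0
```

A child that hits the memory ceiling fails its allocations and exits with an error, so the calling service sees one failed conversion instead of running out of memory itself.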
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |
Additional information
Status:
5.3 Medium
CVSS3
Related vulnerabilities
ImageMagick: Possible memory leak in ASHLAR encoder
5.3 Medium
CVSS3