Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. A logic error in the YUV sampling factor validation allows an invalid sampling factor to bypass security checks. This can trigger a division-by-zero error during image loading, leading to a reliable Denial of Service (DoS) for an affected system when processing a specially crafted image.
Отчет
This MODERATE impact vulnerability in ImageMagick can lead to a denial-of-service. A logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks, triggering a division-by-zero during image loading. This affects ImageMagick as shipped in Red Hat Enterprise Linux 6 ELS and 7 ELS.
Меры по смягчению последствий
To mitigate this issue, avoid processing untrusted or unknown image files with ImageMagick. Limiting the exposure of ImageMagick to untrusted input sources can reduce the risk of exploitation.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | ||
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
ImageMagick is free and open-source software used for editing and mani ...
ImageMagick has Division-by-Zero in YUV sampling factor validation, which leads to crash
5.3 Medium
CVSS3