Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) allows bypassing the guard and reaching an undefined `(size_t)` cast. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
A flaw was found in ImageMagick, software used for editing and manipulating digital images. A remote attacker could exploit an off-by-one boundary check vulnerability by providing a specially crafted SVG (Scalable Vector Graphics) file. This could lead to a denial of service (DoS) condition, making the software unavailable to legitimate users.
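The following is an added illustration of the guard pattern described above; it is hypothetical model code, not ImageMagick's own implementation. It assumes a 64-bit platform, where `(double) SIZE_MAX` rounds up to 2^64, so a guard written with `>` admits exactly that value and the subsequent cast to `size_t` is undefined behaviour; the corrected guard and a defensive conversion helper are shown beside it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of the off-by-one guard (illustrative, not
   ImageMagick's code).  A numeric SVG attribute arrives as a double and
   must be converted to size_t.  On 64-bit platforms (double) SIZE_MAX
   rounds up to 2^64, a value size_t cannot hold, so a '>' comparison
   lets that exact value through to a cast whose result is undefined
   (C11 6.3.1.4p1). */

/* Weak guard: rejects only values strictly above the rounded limit. */
static bool weak_guard_rejects(double value)
{
  return value > (double) SIZE_MAX;
}

/* Corrected guard: also rejects the rounded limit itself. */
static bool fixed_guard_rejects(double value)
{
  return value >= (double) SIZE_MAX;
}

/* Defensive conversion: refuses to perform the cast at all when the
   value is NaN, negative, or at/above the representable range.
   Only 0 <= value < 2^64 ever reaches the (size_t) cast. */
static bool double_to_size_t(double value, size_t *out)
{
  if (value != value)                 /* NaN compares unequal to itself */
    return false;
  if (value < 0.0 || value >= (double) SIZE_MAX)
    return false;
  *out = (size_t) value;              /* well-defined: integral part fits */
  return true;
}
```

Rejecting the boundary value before the cast is the only portable fix; relying on what a particular compiler does with an out-of-range conversion is not.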
Statement
This is a MODERATE impact flaw in ImageMagick that could lead to a denial of service when processing a specially crafted SVG file. Red Hat Enterprise Linux 6 ELS and 7 ELS, as well as Community Projects like Fedora and EPEL, include ImageMagick. Exploitation requires an attacker to provide a malicious SVG file to a system utilizing ImageMagick for image processing.
Mitigation
To mitigate this issue, avoid processing untrusted SVG files with ImageMagick. If ImageMagick is used in an automated or server-side context, consider implementing sandboxing mechanisms or restricting the input sources to trusted origins to limit exposure to specially crafted SVG files.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |
Additional information
Status:
7.5 High
CVSS3
Related vulnerabilities
ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder
7.5 High
CVSS3