Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing an invalid `<map>` element that causes it to use an image after it has been freed. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
A flaw was found in ImageMagick, a software suite for editing and manipulating digital images. A remote attacker could exploit this vulnerability by providing a specially crafted image containing an invalid <map> element to the Magick Scripting Language (MSL) interpreter. This flaw causes a use-after-free, leading to an application crash and resulting in a Denial of Service (DoS).
Statement
MODERATE: This flaw in ImageMagick is a use-after-free that occurs when processing a specially crafted MSL `<map>` element. An attacker could provide a malicious image file, leading to a denial of service due to application crashes. This affects systems where ImageMagick is used to process untrusted image files.
Mitigation
To mitigate this issue, avoid processing untrusted or maliciously crafted image files with ImageMagick. If ImageMagick is used in a service, restrict access to trusted sources and ensure input validation is in place to prevent the processing of arbitrary or malformed MSL files.
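One way to enforce this restriction is ImageMagick's security policy file (`policy.xml`), which can refuse the MSL coder outright. The fragment below is an added example, not part of this advisory; the allowlisted formats are an assumption and should be replaced with the formats the service actually needs.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- policy.xml: added example, not taken from the advisory. -->
<policymap>
  <!-- Weak setting, for comparison: a policy with no coder rules leaves
       every coder enabled, including MSL, so a caller that passes an
       untrusted file can reach the MSL interpreter. -->

  <!-- Hardened setting: deny every coder first... -->
  <policy domain="coder" rights="none" pattern="*" />

  <!-- ...then re-enable only the formats the service must handle.
       This list is an assumption for illustration. -->
  <policy domain="coder" rights="read|write" pattern="{PNG,JPEG,GIF,WEBP}" />

  <!-- Explicit deny for MSL, kept last so it stays in force even if the
       allowlist above is widened later. -->
  <policy domain="coder" rights="none" pattern="MSL" />
</policymap>
```

After editing the file, `magick -list policy` (or `convert -list policy` on ImageMagick 6) shows the rules in effect.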
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |
Additional information
Status:
5.3 Medium
CVSS3
Related vulnerabilities
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing an invalid `<map>` element that causes it to use an image after it has been freed. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
ImageMagick is free and open-source software used for editing and mani ...
ImageMagick: Invalid MSL <map> can result in a use after free
5.3 Medium
CVSS3