Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
A flaw was found in ImageMagick, free and open-source software used for editing and manipulating digital images. A heap use-after-free vulnerability in ImageMagick's MSL (Magick Scripting Language) decoder allows an attacker to trigger access to freed memory by crafting a malicious MSL file. This can lead to a denial of service.
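An added example, not part of the advisory or of ImageMagick's code: a triage check that compares an installed upstream version against the two fixed releases named above. The function names and sample strings are assumptions made for illustration, and distro package versions are rejected rather than guessed at.

```python
import re

# Fixed releases named in the description above, keyed by major branch.
FIXED = {7: (7, 1, 2, 16), 6: (6, 9, 13, 41)}

# Upstream form "X.Y.Z-P". The lookbehind keeps distro package strings such
# as "6.9.10.68-6.el7" from being misread as an upstream version.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(text):
    """Return (major, minor, patch, release) from a bare version string or
    from a version banner line that contains one."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no upstream ImageMagick version in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(text):
    """True if the version predates the fixed release of its branch."""
    version = parse_version(text)
    fixed = FIXED.get(version[0])
    if fixed is None:
        # Only the 6.x and 7.x branches are named in the description.
        raise ValueError(f"branch {version[0]}.x is not covered")
    # Numeric tuple comparison: "7.1.2-9" sorts before "7.1.2-16" here,
    # which a plain string comparison would get wrong.
    return version < fixed


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real host.
    samples = [
        "Version: ImageMagick 6.9.10-68 Q16 x86_64 2021-10-14",
        "7.1.2-9",
        "7.1.2-16",
        "6.9.13-41",
    ]
    for sample in samples:
        state = "affected" if is_affected(sample) else "fixed"
        print(f"{state:8}  {sample}")
```

A distro build can carry a backported fix under an older version number, so a package that this check rejects or flags still needs to be confirmed against the vendor's own advisory.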
Report
MODERATE: This flaw in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by processing a specially crafted MSL file. This could lead to application crashes or potentially arbitrary code execution. Red Hat Enterprise Linux 6 ELS and 7 ELS are affected by this vulnerability.
Mitigation
To reduce the risk of exploitation, avoid processing untrusted or suspicious MSL files with ImageMagick. Implement strict input validation and ensure that ImageMagick only processes files from trusted sources. If ImageMagick is deployed in a server environment, consider isolating the application within a sandboxed environment to limit potential impact.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |
Additional information
Status:
5.3 Medium
CVSS3
Related vulnerabilities
ImageMagick has Heap Use-After-Free in ImageMagick MSL decoder
5.3 Medium
CVSS3