PT-2016-3067 · Imagemagick+3 · Imagemagick+3

Marcograsso

·

Publicado

2016-10-04

·

Atualizado

2021-04-28

·

CVE-2016-7799

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.0.3-2
Description The issue is related to a function in MagickCore/profile.c that allows remote attackers to cause a denial of service due to an out-of-bounds read via a crafted file. This can be exploited by an attacker to disrupt service.
Recommendations For versions prior to 7.0.3-2, update to version 7.0.3-2 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted files that could exploit this issue until a patch is applied.

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2016-2089
BDU:2017-00321
CVE-2016-7799
DLA-756-1
DSA-3726-1
MGASA-2018-0229
SUSE-SU-2016:2667-1
SUSE-SU-2016:2964-1
USN-3142-1
USN-3142-2

Produtos afetados

Alt Linux
Imagemagick
Suse
Ubuntu