PT-2016-3106 · Imagemagick+3 · Imagemagick+3
Adam Mariš
·
Publicado
2015-02-18
·
Atualizado
2017-05-09
·
CVE-2015-8958
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
ImageMagick versions prior to 6.9.0-4 Beta
Description
The issue is caused by an out-of-bounds read in the
coders/sun.c component of ImageMagick, allowing remote attackers to cause a denial of service (application crash) via a crafted SUN file. This can lead to a denial of service due to the application crashing.Recommendations
For versions prior to 6.9.0-4 Beta, update to version 6.9.0-4 Beta or later to resolve the issue. As a temporary workaround, consider restricting the use of the
coders/sun.c component to minimize the risk of exploitation. Avoid processing crafted SUN files until the issue is resolved.Exploit
Correção
DoS
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Imagemagick
Suse
Ubuntu