PT-2017-11914 · Imagemagick · Imagemagick
Jgj212
·
Publicado
2017-07-13
·
Atualizado
2019-10-03
·
CVE-2017-11310
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ImageMagick version 7.0.6-1 Q16 2017-06-21 (beta)
Description
The issue is related to memory leak vulnerabilities in the read user chunk callback function, located in coderspng.c, which can be exploited via crafted PNG files.
Recommendations
For ImageMagick version 7.0.6-1 Q16 2017-06-21 (beta), consider restricting the use of the read user chunk callback function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Release of Resource after Effective Lifetime
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Imagemagick