PT-2017-2468 · ImageMagick +3

Jgj212 · Published 2017-07-10 · Updated 2020-04-08 · CVE-2017-11166

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

ImageMagick version 7.0.5-6

Description

The issue is related to a memory leak in the ReadXWDImage function, which can lead to memory exhaustion. This can be triggered by a crafted length field in the header of an XWD file, specifically the number of color-map entries. The vulnerability is associated with resource management errors and can be exploited remotely.

Recommendations

For ImageMagick version 7.0.5-6, consider disabling the ReadXWDImage function as a temporary workaround to prevent memory exhaustion until a patch is available. Restrict access to XWD files to minimize the risk of exploitation. Avoid using the ReadXWDImage function with untrusted XWD files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
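
A pre-screening check for untrusted XWD uploads, as an added example (not code from ImageMagick or from this advisory): it reads only the header and rejects files whose declared color-map count cannot be satisfied by the bytes actually present. It assumes the standard XWD version 7 layout (25 32-bit header fields with ncolors as the 20th, 12-byte color entries); the 65536 ceiling and the function names are assumptions chosen for illustration.

```python
import struct

XWD_HEADER_FIELDS = 25                      # 32-bit fields in XWDFileHeader
XWD_HEADER_BYTES = 4 * XWD_HEADER_FIELDS    # 100 bytes
XWD_COLOR_BYTES = 12                        # pixel(4) + r,g,b(2 each) + flags + pad
XWD_FILE_VERSION = 7
MAX_COLORS = 65536                          # assumed local policy ceiling


def check_xwd_header(data: bytes, max_colors: int = MAX_COLORS):
    """Return (ok, reason) for an XWD blob without decoding any pixels."""
    if len(data) < XWD_HEADER_BYTES:
        return False, "truncated header"
    # XWD is normally big-endian; accept either order if the version matches.
    for order in (">", "<"):
        fields = struct.unpack(order + "25I", data[:XWD_HEADER_BYTES])
        if fields[1] == XWD_FILE_VERSION:
            break
    else:
        return False, "not an XWD version 7 file"
    header_size, ncolors = fields[0], fields[19]
    if header_size < XWD_HEADER_BYTES or header_size > len(data):
        return False, "header_size outside file"
    if ncolors > max_colors:
        return False, f"ncolors {ncolors} exceeds policy limit"
    # The color map follows the header and window name directly.
    if ncolors * XWD_COLOR_BYTES > len(data) - header_size:
        return False, f"ncolors {ncolors} needs more bytes than the file holds"
    return True, "ok"


def build_sample(declared_ncolors: int, stored_colors: int) -> bytes:
    """Constructed input: big-endian header, empty window name, color map only."""
    fields = [0] * XWD_HEADER_FIELDS
    fields[0] = XWD_HEADER_BYTES + 1        # header_size includes the NUL name
    fields[1] = XWD_FILE_VERSION
    fields[19] = declared_ncolors
    header = struct.pack(">25I", *fields) + b"\0"
    return header + b"\0" * (XWD_COLOR_BYTES * stored_colors)


if __name__ == "__main__":
    print(check_xwd_header(build_sample(256, 256)))   # consistent file
    print(check_xwd_header(build_sample(300, 2)))     # count larger than data
```
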

Missing Release of Resource after Effective Lifetime

Weakness Enumeration

Related Identifiers

BDU:2017-01678
CESA-2020_1180
CVE-2017-11166
RHSA-2020:1180
RHSA-2020_1180
SUSE-SU-2018:0486-1
SUSE-SU-2018:0581-1
SUSE-SU-2018_0486-1
SUSE-SU-2018_0581-1

Affected Products

CentOS
ImageMagick
Red Hat
SUSE