PT-2017-3901 · Graphicsmagick+2
Published 2017-08-24 · Updated 2019-12-16
CVE-2017-13776
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
GraphicsMagick version 1.3.26
Description
The issue is a denial of service in the ReadXBMImage() function, specifically in the "Read hex image data" case when the version is not equal to 10. In that case the reader does not return, causing large amounts of CPU and memory consumption. The vulnerability is associated with CPU resource exhaustion. Exploitation of this issue may allow a remote attacker to cause a denial of service.
Recommendations
For GraphicsMagick version 1.3.26, consider disabling the ReadXBMImage() function as a temporary workaround to minimize the risk of exploitation until a patch is available.
Exploit
Fix
DoS
Weakness Enumeration
Related identifiers
Affected products
Graphicsmagick
Suse
Ubuntu