PT-2017-4117 · Imagemagick+2 · Imagemagick+2
Henices
·
Publicado
2017-12-22
·
Atualizado
2020-09-08
·
CVE-2017-17914
CVSS v2.0
7.1
Alta
| Vetor | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
ImageMagick version 7.0.7-16 Q16
Description
A denial of service issue exists due to excessive iteration in the
ReadOnePNGImage function in coders/png.c, allowing remote attackers to cause a denial of service via a crafted mng image file. This can lead to a large loop in ReadOneMNGImage.Recommendations
For ImageMagick version 7.0.7-16 Q16, consider disabling the
ReadOnePNGImage function in coders/png.c as a temporary workaround to prevent exploitation until a patch is available. Restrict access to handling mng image files to minimize the risk of denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Imagemagick
Suse
Ubuntu