CVE-2015-8896

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.0.5-0

Description The issue is caused by an integer truncation problem in the coders/pict.c file, allowing remote attackers to cause a denial of service by crashing the application via a crafted .pict file. This can be exploited by using negative numbers when specifying the size of a field, potentially enabling an attacker to forge cross-site requests using a specially crafted pict file.

Recommendations For versions prior to 7.0.5-0, update to version 7.0.5-0 or later to resolve the issue. As a temporary workaround, consider restricting the use of .pict files or disabling the vulnerable coders/pict.c module until a patch is applied. Avoid using negative numbers when specifying field sizes in the affected module to minimize the risk of exploitation.