PT-2015-7826 · Imagemagick+3

Martin Prpič · Published 2015-12-31 · Updated 2020-07-31 · CVE-2015-8900

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ImageMagick versions 6.x through 7.x

Description

The issue allows remote attackers to cause a denial of service, specifically an infinite loop, by using a crafted HDR file. This is related to the ReadHDRImage function in coders/hdr.c.

Recommendations

For ImageMagick versions 6.x through 7.x, consider disabling the ReadHDRImage function as a temporary workaround until a patch is available. Restrict access to processing HDR files to minimize the risk of exploitation.

Exploit

Fix

DoS

Infinite Loop

Weakness Enumeration

Related Identifiers

ALT-PU-2016-1580
CVE-2015-8900
DLA-960-1
OPENSUSE-SU-2016_1748-1
OPENSUSE-SU-2016_1833-1
SUSE-SU-2016:1784-1
USN-3131-1

Affected Products

Alt Linux
Imagemagick
Suse
Ubuntu