Published: 15/03/2017 Updated: 18/05/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The SpliceImage function in MagickCore/transform.c in ImageMagick prior to 6.9.2-4 allows remote malicious users to cause a denial of service (application crash) via a crafted png file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
imagemagick imagemagick

Several security issues were fixed in ImageMagick ...

It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privil ...

The SpliceImage function in MagickCore/transformc in ImageMagick before 692-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file ...

CWE-125 https://github.com/ImageMagick/ImageMagick/commit/7b1cf5784b5bcd85aa9293ecf56769f68c037231 http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466 http://www.securityfocus.com/bid/91030 https://access.redhat.com/errata/RHSA-2016:1237 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html https://usn.ubuntu.com/3131-1/https://nvd.nist.gov

CVE-2015-8897

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect