6.5
CVE-2015-8957
- EPSS 2.99%
- Veröffentlicht 20.04.2017 18:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle security@debian.org
- CVE-Watchlists
- Unerledigt
Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Imagemagick ≫ Imagemagick Version <= 6.9.0-3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.99% | 0.855 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://www.openwall.com/lists/oss-security/2016/09/22/2
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26838
http://www.securityfocus.com/bid/93125
https://bugzilla.redhat.com/show_bug.cgi?id=1378735
https://github.com/ImageMagick/ImageMagick/commit/450bd716ed3b9186dd10f9e60f630a3d9eeea2a4
https://github.com/ImageMagick/ImageMagick/commit/78f82d9d1c2944725a279acd573a22168dc6e22a
https://github.com/ImageMagick/ImageMagick/commit/bd96074b254c6607a0f7731e59f923ad19d5a46d