9.8

CVE-2016-5691

Exploit
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleSolaris Version11.3
ImagemagickImagemagick Version <= 6.9.4-4
ImagemagickImagemagick Version7.0.1-0
ImagemagickImagemagick Version7.0.1-1
ImagemagickImagemagick Version7.0.1-2
ImagemagickImagemagick Version7.0.1-3
ImagemagickImagemagick Version7.0.1-4
ImagemagickImagemagick Version7.0.1-5
ImagemagickImagemagick Version7.0.1-6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.45% 0.917
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/14/5
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/17/3
Third Party Advisory
http://www.securityfocus.com/bid/91283
Third Party Advisory
VDB Entry
https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html
https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog
Vendor Advisory
Release Notes
https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog
Vendor Advisory
Release Notes
https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
Vendor Advisory
Exploit