6.5

CVE-2016-7536

magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ImagemagickImagemagick Version < 6.9.4-0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.72% 0.841
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.openwall.com/lists/oss-security/2016/09/22/2
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/93225
Third Party Advisory
VDB Entry
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545367
Third Party Advisory
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1378772
Third Party Advisory
Issue Tracking
https://github.com/ImageMagick/ImageMagick/commit/02dadf116124cfba35d7ebd9ced3e5ad0be0f176
Patch
Third Party Advisory
https://github.com/ImageMagick/ImageMagick/commit/478cce544fdf1de882d78381768458f397964453
Patch
https://github.com/ImageMagick/ImageMagick/issues/130
Patch
Vendor Advisory
Issue Tracking