6.5
CVE-2016-7536
- EPSS 2.72%
- Veröffentlicht 20.04.2017 18:59:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle security@debian.org
- CVE-Watchlists
- Unerledigt
magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Imagemagick ≫ Imagemagick Version < 6.9.4-0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.72% | 0.841 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.openwall.com/lists/oss-security/2016/09/22/2
http://www.securityfocus.com/bid/93225
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545367
https://bugzilla.redhat.com/show_bug.cgi?id=1378772
https://github.com/ImageMagick/ImageMagick/commit/02dadf116124cfba35d7ebd9ced3e5ad0be0f176
https://github.com/ImageMagick/ImageMagick/commit/478cce544fdf1de882d78381768458f397964453
https://github.com/ImageMagick/ImageMagick/issues/130