6.5

CVE-2017-1000445

ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ImagemagickImagemagick Version < 6.9.9-15
ImagemagickImagemagick Version >= 7.0.0-0 <= 7.0.7-1
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.10
CanonicalUbuntu Linux Version18.04 SwEditionlts
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.76% 0.818
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://usn.ubuntu.com/3681-1/
Third Party Advisory
http://www.securityfocus.com/bid/102368
Third Party Advisory
VDB Entry
https://github.com/ImageMagick/ImageMagick/issues/775
Patch
Third Party Advisory
Issue Tracking