CVE-2017-18252

EPSS 0.14%
Veröffentlicht 27.03.2018 03:29:00
Zuletzt bearbeitet 21.11.2024 03:19:41
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Imagemagick ≫ Imagemagick Version7.0.7

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version17.10

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.343

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://usn.ubuntu.com/3681-1/

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html

https://github.com/ImageMagick/ImageMagick/issues/802

Patch

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-18252

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-18252

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-18252

EUVD