5.5

CVE-2017-6498

An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ImagemagickImagemagick Version6.9.7
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.32% 0.671
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.debian.org/security/2017/dsa-3808
Third Party Advisory
http://www.securityfocus.com/bid/96591
Third Party Advisory
VDB Entry
https://bugs.debian.org/856878
Third Party Advisory
Mailing List
Issue Tracking
https://github.com/ImageMagick/ImageMagick/commit/65f75a32a93ae4044c528a987a68366ecd4b46b9
Patch
https://github.com/ImageMagick/ImageMagick/pull/359
Patch
Third Party Advisory