5.5

CVE-2017-6500

An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ImagemagickImagemagick Version6.9.7
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.32% 0.671
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://www.debian.org/security/2017/dsa-3808
Third Party Advisory
http://www.securityfocus.com/bid/96592
Third Party Advisory
VDB Entry
https://bugs.debian.org/856879
Third Party Advisory
Mailing List
Issue Tracking
https://github.com/ImageMagick/ImageMagick/commit/3007531bfd326c5c1e29cd41d2cd80c166de8528
Patch
https://github.com/ImageMagick/ImageMagick/issues/375
Patch
Third Party Advisory
https://github.com/ImageMagick/ImageMagick/issues/376
Patch
Third Party Advisory