6.5

CVE-2017-9144

In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ImagemagickImagemagick Version7.0.5-5
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.85% 0.763
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.debian.org/security/2017/dsa-3863
Third Party Advisory
http://www.securityfocus.com/bid/98603
Third Party Advisory
VDB Entry
https://github.com/ImageMagick/ImageMagick/commit/f6240ee77847787f6d7618b669d3a2040a2d6d40
Patch
Vendor Advisory