6.5

CVE-2017-9499

In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ImagemagickImagemagick Version7.0.5-7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.74% 0.748
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

http://www.securityfocus.com/bid/98944
Third Party Advisory
VDB Entry
https://github.com/ImageMagick/ImageMagick/commit/7fd419441bc7103398e313558171d342c6315f44
Patch
Third Party Advisory
Issue Tracking
https://github.com/ImageMagick/ImageMagick/issues/492
Patch
Third Party Advisory
Issue Tracking