6.5

CVE-2018-16644

There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ImagemagickImagemagick Version7.0.8-11
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.65% 0.881
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://usn.ubuntu.com/3785-1/
Third Party Advisory
https://usn.ubuntu.com/4034-1/
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html
https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html
Third Party Advisory
https://www.debian.org/security/2018/dsa-4316
Third Party Advisory
https://github.com/ImageMagick/ImageMagick/commit/16916c8979c32765c542e216b31cee2671b7afe7
Patch
Third Party Advisory
https://github.com/ImageMagick/ImageMagick/commit/afa878a689870c28b6994ecf3bb8dbfb2b76d135
Patch
Third Party Advisory
https://github.com/ImageMagick/ImageMagick/issues/1269
Patch
Third Party Advisory
Issue Tracking