6.5

CVE-2018-16645

There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ImagemagickImagemagick Version7.0.8-11
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.21% 0.865
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

https://usn.ubuntu.com/3785-1/
Third Party Advisory
https://usn.ubuntu.com/4034-1/
https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html
Third Party Advisory
https://www.debian.org/security/2018/dsa-4316
Third Party Advisory
https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832
Patch
Third Party Advisory
https://github.com/ImageMagick/ImageMagick/issues/1268
Patch
Third Party Advisory
Issue Tracking