6.5

CVE-2018-5685

Exploit
In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GraphicsmagickGraphicsmagick Version1.3.27
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.94% 0.775
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2018/dsa-4321
Third Party Advisory
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52a91ddb1aa6
Patch
https://lists.debian.org/debian-lts-announce/2018/01/msg00018.html
Third Party Advisory
Mailing List
https://sourceforge.net/p/graphicsmagick/bugs/541/
Third Party Advisory
Exploit
Issue Tracking