Lucene search

[email protected]CVE-2015-8896

HistoryMar 15, 2017 - 7:59 p.m.

CVE-2015-8896

2017-03-1519:59:00

[email protected]

web.nvd.nist.gov

imagemagick

cve-2015-8896

integer truncation

denial of service

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.

Affected configurations

NVD

Node

imagemagickimagemagickRange<6.9.4-0

imagemagickimagemagickRange7.0.0-0–7.0.5-0

Node

oraclelinuxMatch6-

oraclelinuxMatch7-

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_eusMatch7.2

redhatenterprise_linux_eusMatch7.3

redhatenterprise_linux_eusMatch7.4

redhatenterprise_linux_eusMatch7.5

redhatenterprise_linux_eusMatch7.6

redhatenterprise_linux_eusMatch7.7

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.2

redhatenterprise_linux_server_ausMatch7.3

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_ausMatch7.7

redhatenterprise_linux_server_tusMatch7.2

redhatenterprise_linux_server_tusMatch7.3

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_server_tusMatch7.7

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

CPENameOperatorVersion
imagemagick:imagemagickimagemagicklt6.9.4-0
imagemagick:imagemagickimagemagicklt7.0.5-0

CPE	Name	Operator	Version
imagemagick:imagemagick	imagemagick	lt	6.9.4-0
imagemagick:imagemagick	imagemagick	lt	7.0.5-0

References

www.openwall.com/lists/oss-security/2015/10/07/2

www.openwall.com/lists/oss-security/2015/10/08/3

www.openwall.com/lists/oss-security/2016/06/02/13

www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

www.securityfocus.com/bid/91027

access.redhat.com/errata/RHSA-2016:1237

bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803

github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

Related for CVE-2015-8896

nvd1 veracode1 debiancve1 prion1 ubuntucve1 cvelist1 f52 nessus15 openvas12 osv1 ibm1 redhat1 amazon1 centos1 oraclelinux1 suse7 ubuntu1