6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.013 Low
EPSS
Percentile
85.9%
A vulnerability was found in ImageMagick that is triggered when the software parses a PNG image containing a single dash (-) in the filename. To remotely exploit this bug, an attacker can upload a malicious PNG with a text chunk that adds a single dash in the name to any site using ImageMagick. The site would then parse the image, and ImageMagick would interpret the text string as the filename, loading the content as a raw profile. If this text string contains a single dash, the program would then try to read content from the standard input, potentially leaving the conversion process waiting infinitely, causing a denial of service.