CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
90.9%
The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6
does not use the proper variable type for the allocation size, which might
allow remote attackers to cause a denial of service (crash) via a crafted
PNG file that triggers incorrect memory allocation.