CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
EPSS
Percentile
33.5%
A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker
who submits a crafted file that is processed by ImageMagick could trigger
undefined behavior in the form of values outside the range of type
unsigned long long
as well as a shift exponent that is too large for
64-bit type. This would most likely lead to an impact to application
availability, but could potentially cause other problems related to
undefined behavior. This flaw affects ImageMagick versions prior to
7.0.9-0.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | imagemagick | < 8:6.9.7.4+dfsg-16ubuntu6.11 | UNKNOWN |
ubuntu | 20.04 | noarch | imagemagick | < 8:6.9.10.23+dfsg-2.1ubuntu11.4 | UNKNOWN |
ubuntu | 20.10 | noarch | imagemagick | < 8:6.9.10.23+dfsg-2.1ubuntu13.3 | UNKNOWN |
ubuntu | 14.04 | noarch | imagemagick | < any | UNKNOWN |
ubuntu | 16.04 | noarch | imagemagick | < any | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
EPSS
Percentile
33.5%