Denial Of Service

2019-03-2507:11:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.01 Low

EPSS

Percentile

83.6%

JSON

ImageMagick is vulnerable to denial of service (DoS). The attacker can input a malicious image file to the function PopHexPixel of coders/ps.c, resulting in a stack buffer overflow and leading to a code execution.

CPENameOperatorVersion
imagemagickle6.8.8-9
inkscapeeq0.92.2__2.el7
imagemagickeq6.7.8.9__15.el7_2
imagemagickeq6.7.8.9__16.el7_6
imagemagickeq6.7.8.9__18.el7
autotraceeq0.31.1__37.el7
emacseq24.3__20.el7_4
emacseq24.3__22.el7
imagemagick:bustereq8:6.9.10.23+dfsg-2.1+deb10u1

Name	Operator	Version
imagemagick	le	6.8.8-9
inkscape	eq	0.92.2__2.el7
imagemagick	eq	6.7.8.9__15.el7_2
imagemagick	eq	6.7.8.9__16.el7_6
imagemagick	eq	6.7.8.9__18.el7
autotrace	eq	0.31.1__37.el7
emacs	eq	24.3__20.el7_4
emacs	eq	24.3__22.el7
imagemagick:buster	eq	8:6.9.10.23+dfsg-2.1+deb10u1

References

github.com/ImageMagick/ImageMagick/issues/1523

Denial Of Service

References

Related