Vulnerabilities > CVE-2017-12876 - Out-of-bounds Write vulnerability in Imagemagick
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201711-07.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201711-07 (ImageMagick: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in ImageMagick. Please review the referenced CVE identifiers for details. Impact : Remote attackers, by enticing a user to process a specially crafted file, could obtain sensitive information, cause a Denial of Service condition, or have other unspecified impacts. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 104515 |
published | 2017-11-13 |
reporter | This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/104515 |
title | GLSA-201711-07 : ImageMagick: Multiple vulnerabilities |
References
- http://www.openwall.com/lists/oss-security/2017/08/16/3
- http://www.openwall.com/lists/oss-security/2017/08/16/3
- https://blogs.gentoo.org/ago/2017/08/10/imagemagick-heap-based-buffer-overflow-in-omp_outlined-32-enhance-c/
- https://blogs.gentoo.org/ago/2017/08/10/imagemagick-heap-based-buffer-overflow-in-omp_outlined-32-enhance-c/
- https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e
- https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e
- https://security.gentoo.org/glsa/201711-07
- https://security.gentoo.org/glsa/201711-07