Vulnerabilities > CVE-2017-13132 - Reachable Assertion vulnerability in Imagemagick 7.0.68
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Gentoo Local Security Checks |
| NASL id | GENTOO_GLSA-201711-07.NASL |
| description | The remote host is affected by the vulnerability described in GLSA-201711-07 (ImageMagick: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in ImageMagick. Please review the referenced CVE identifiers for details. Impact : Remote attackers, by enticing a user to process a specially crafted file, could obtain sensitive information, cause a Denial of Service condition, or have other unspecified impacts. Workaround : There is no known workaround at this time. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 104515 |
| published | 2017-11-13 |
| reporter | This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/104515 |
| title | GLSA-201711-07 : ImageMagick: Multiple vulnerabilities |