Resource Exhaustion in imagemagick

Do your applications use this vulnerable package? Test your applications

Overview

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

References

CVE Details
Debian Security Tracker
GitHub Issue
Security Focus
Ubuntu CVE Tracker
Ubuntu Security Advisory

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2018-15607
CWE: CWE-400
Snyk ID: SNYK-DEBIAN10-IMAGEMAGICK-400130
Disclosed: 21 Aug, 2018
Published: 25 Sep, 2018

Resource Exhaustion
Affecting imagemagick package, versions *

Overview

References

CVSS Score

Resource Exhaustion Affecting imagemagick package, versions *

Overview

References

Resource Exhaustion
Affecting imagemagick package, versions *