Vulnerability CVE-2017-8830

Vulnerability CVE-2017-8830

Published: 2017-05-08

Description:

In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.

Type:

CWE-772

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
None	None	Partial

Affected software
Imagemagick -> Imagemagick

References:

http://www.debian.org/security/2017/dsa-3863

http://www.securityfocus.com/bid/98687

https://github.com/ImageMagick/ImageMagick/issues/467

Copyright 2024, cxsecurity.com