ImageMagick 7.0.7-0 Q16 coders/sixel.c sixel_decode Denial of Service

eintrageditHistoryDiffjsonxmlCTI

In ImageMagick 7.0.7-0 Q16 (Image Processing Software) wurde eine problematische Schwachstelle ausgemacht. Es geht um die Funktion sixel_decode der Datei coders/sixel.c. Ein Aktualisieren vermag dieses Problem zu lösen. Das Erscheinen einer Gegenmassnahme geschah 10 Monate nach der Veröffentlichung der Schwachstelle. Die Entwickler haben demnach fahrlässig langsam und viel spät gehandelt.

Feld21.09.2017 21:4718.11.2019 14:5113.01.2021 18:01
typeImage Processing SoftwareImage Processing SoftwareImage Processing Software
nameImageMagickImageMagickImageMagick
version7.0.7-0 Q167.0.7-0 Q167.0.7-0 Q16
filecoders/sixel.ccoders/sixel.ccoders/sixel.c
functionsixel_decodesixel_decodesixel_decode
cwe476 (Denial of Service)476 (Denial of Service)476 (Denial of Service)
risk111
historic000
cvss2_vuldb_basescore5.05.05.0
cvss2_vuldb_tempscore3.93.93.9
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiPPP
cvss2_nvd_avNNN
cvss2_nvd_acLLL
cvss2_nvd_auNNN
cvss2_nvd_ciPPP
cvss2_nvd_iiPPP
cvss2_nvd_aiPPP
cvss3_meta_basescore7.57.57.5
cvss3_meta_tempscore6.66.66.6
cvss3_vuldb_basescore5.35.35.3
cvss3_vuldb_tempscore4.74.74.7
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aLLL
cvss3_nvd_avNNN
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iHHH
cvss3_nvd_aHHH
date1505952000 (21.09.2017)1505952000 (21.09.2017)1505952000 (21.09.2017)
locationGitHub RepositoryGitHub RepositoryGitHub Repository
urlhttps://github.com/ImageMagick/ImageMagick/issues/720https://github.com/ImageMagick/ImageMagick/issues/720https://github.com/ImageMagick/ImageMagick/issues/720
price_0day$0-$5k$0-$5k$0-$5k
cveCVE-2017-14626CVE-2017-14626CVE-2017-14626
cve_assigned150595200015059520001505952000
cve_nvd_published150595200015059520001505952000
cve_nvd_summaryImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
securityfocus100943100943100943
securityfocus_titleImageMagick CVE-2017-14626 Denial of Service VulnerabilityImageMagick CVE-2017-14626 Denial of Service VulnerabilityImageMagick CVE-2017-14626 Denial of Service Vulnerability
nessus_riskHighHighHigh
nessus_typelocallocallocal
nessus_date1528848000 (13.06.2018)1528848000 (13.06.2018)1528848000 (13.06.2018)
seealso106943 106944 107000 107501 107512 111080 111826 115280 118619106943 106944 107000 107501 107512 111080 111826 115280 118619106943 106944 107000 107501 107512 111080 111826 115280 118619
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcUCUCUC
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcUUU
reaction_days264264264
0day_days181818
exposure_days264264264
person_nicknameVenustechVenustechVenustech
cvss3_nvd_basescore9.89.89.8
discoverydate15043968001504396800
company_nameAdlab of VenustechAdlab of Venustech
confirm_urlhttps://github.com/ImageMagick/ImageMagick/issues/720https://github.com/ImageMagick/ImageMagick/issues/720
nameUpgradeUpgrade
date1528761600 (12.06.2018)1528761600 (12.06.2018)
securityfocus_date1505952000 (21.09.2017)1505952000 (21.09.2017)
securityfocus_classFailure to Handle Exceptional ConditionsFailure to Handle Exceptional Conditions
nessus_id110516110516
nessus_nameUbuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : imagemagick vulnerabilities (USN-3681-1)Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : imagemagick vulnerabilities (USN-3681-1)
nessus_filenameubuntu_USN-3681-1.naslubuntu_USN-3681-1.nasl
nessus_familyUbuntu Local Security ChecksUbuntu Local Security Checks
openvas_filenamegb_ubuntu_USN_3681_1.naslgb_ubuntu_USN_3681_1.nasl
openvas_titleUbuntu Update for imagemagick USN-3681-1Ubuntu Update for imagemagick USN-3681-1
openvas_familyUbuntu Local Security ChecksUbuntu Local Security Checks
person_nameADLab
cvss2_nvd_basescore7.5

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!