SB2016100802 - Arch Linux update for imagemagick
Published: October 8, 2016
Security Bulletin ID
SB2016100802
Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Denial of service (CVE-ID: CVE-2016-7799)
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the vulnerable system.The weakness exists due to buffer over read caused by malicious file and allowing attackers to cause the affected application to crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
2) Arbitrary code execution (CVE-ID: CVE-2016-7906)
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.The weakness exists due to use after free caused by a specially crafted image and letting attackers to execute arbitrary code or cause the application crash.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Remediation
Install update from vendor's website.