Memory leak in ImageMagick - CVE-2017-8346
Published: May 22, 2017 / Updated: May 30, 2017
Vulnerability identifier: #VU6615
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-8346
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
ImageMagick
Software vendor:
ImageMagick.org
Description
The vulnerability allows a remote unauthenticated attacker to cause DoS conditions on the target system.
The weakness exists due to a memory leak in the ReadDCMImage function in dcm.c when handling malicious files. A remote attacker can send a specially crafted image file, trigger a boundary error and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Update to version 7.0.5-6.