Memory leak in ImageMagick - CVE-2017-8346
Published: May 22, 2017 / Updated: May 30, 2017
Vulnerability identifier: #VU6615
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-8346
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: ImageMagick.org
Affected software:
ImageMagick
ImageMagick
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to cause DoS conditions on the target system.
The weakness exists due to memory leak in ReadDCMImage function in dcm.c when handling malicious files. A remote attacker can send a specially crafted image file, trigger boundary error and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists due to memory leak in ReadDCMImage function in dcm.c when handling malicious files. A remote attacker can send a specially crafted image file, trigger boundary error and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-8346
Update to version 7.0.5-6.