CVE-2016-10146

high

Description

Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

References

http://www.debian.org/security/2017/dsa-3799

http://www.openwall.com/lists/oss-security/2017/01/16/6

http://www.openwall.com/lists/oss-security/2017/01/17/5

http://www.securityfocus.com/bid/95744

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851380

https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456

https://security.gentoo.org/glsa/201702-09

Details

Source: MITRE

Published: 2017-03-24

Updated: 2017-11-04

Type: CWE-399

Risk Information

CVSS v2

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 97634 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : imagemagick vulnerabilities (USN-3222-1) | Nessus | Ubuntu Local Security Checks | critical |
| 97562 | openSUSE Security Update : ImageMagick (openSUSE-2017-303) | Nessus | SuSE Local Security Checks | critical |
| 97495 | SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2017:0586-1) | Nessus | SuSE Local Security Checks | critical |
| 97475 | Debian DSA-3799-1 : imagemagick - security update | Nessus | Debian Local Security Checks | critical |
| 97317 | SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:0529-1) | Nessus | SuSE Local Security Checks | critical |
| 97252 | GLSA-201702-09 : ImageMagick: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 97075 | openSUSE Security Update : GraphicsMagick (openSUSE-2017-214) | Nessus | SuSE Local Security Checks | critical |
| 97073 | openSUSE Security Update : GraphicsMagick (openSUSE-2017-212) | Nessus | SuSE Local Security Checks | critical |
| 96882 | Debian DLA-807-1 : imagemagick security update | Nessus | Debian Local Security Checks | critical |