CVE-2017-6498

medium

Description

An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.

References

http://www.debian.org/security/2017/dsa-3808

http://www.securityfocus.com/bid/96591

https://bugs.debian.org/856878

https://github.com/ImageMagick/ImageMagick/commit/65f75a32a93ae4044c528a987a68366ecd4b46b9

https://github.com/ImageMagick/ImageMagick/pull/359

Details

Source: MITRE

Published: 2017-03-06

Updated: 2019-03-13

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 135519 | EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2020-1390) | Nessus | Huawei Local Security Checks | critical |
| 131846 | EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2019-2354) | Nessus | Huawei Local Security Checks | critical |
| 100441 | FreeBSD : ImageMagick -- multiple vulnerabilities (50776801-4183-11e7-b291-b499baebfeaf) | Nessus | FreeBSD Local Security Checks | critical |
| 97963 | Debian DLA-868-1 : imagemagick security update | Nessus | Debian Local Security Checks | medium |
| 97891 | ImageMagick 6.x < 6.9.7-5 / 7.x < 7.0.4-5 tga.c WriteTGAImage() Assertion Failure DoS | Nessus | Windows | medium |
| 97753 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : imagemagick vulnerabilities (USN-3232-1) | Nessus | Ubuntu Local Security Checks | medium |
| 97699 | Debian DSA-3808-1 : imagemagick - security update | Nessus | Debian Local Security Checks | high |