96589

https://bugs.debian.org/856881

https://github.com/ImageMagick/ImageMagick/commit/d31fec57e9dfb0516deead2053a856e3c71e9751

Please reference CVE/URL list for details

The version of ImageMagick installed on the remote Windows host is 6.x prior to 6.9.7-8 or 7.x prior to 7.0.4-8. It is, therefore, affected by multiple denial of service vulnerabilities :

  - A NULL pointer dereference flaw exists in the     ReadPSDChannel() function in coders/psd.c due to     improper handling of PSD files. An unauthenticated,     remote attacker can exploit this, by convincing a user     to open a specially crafted PSD file, to cause a denial     of service condition. (CVE-2017-6497)

  - A flaw exists in Magick++/lib/Exception.cpp due to     improper handling of nested exceptions. An     unauthenticated, remote attacker can exploit this to     cause the application to consume excessive resources,     resulting in a denial of service condition.
    (CVE-2017-6499)

  - A NULL pointer dereference flaw exists in the     ReadXCFImage() function in coders/xcf.c due to improper     handling of XCF files. An unauthenticated, remote     attacker can exploit this, by convincing a user to open     a specially crafted XCF file, to cause a denial of     service condition. (CVE-2017-6501)

ID	Name	Product	Family	Severity
135519	EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2020-1390)	Nessus	Huawei Local Security Checks	high
131846	EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2019-2354)	Nessus	Huawei Local Security Checks	high
100441	FreeBSD : ImageMagick -- multiple vulnerabilities (50776801-4183-11e7-b291-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	high
97892	ImageMagick 6.x < 6.9.7-8 / 7.x < 7.0.4-8 Multiple DoS	Nessus	Windows	medium

CVE-2017-6501

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

medium