ImageMagick 7.x < 7.0.2-0 ReadSUNImage() Function SUN Image Handling DoS
Severity: High
Nessus Plugin ID 91764
Synopsis
The remote Windows host has an application installed that is affected by a denial of service vulnerability.

Description
The remote Windows host has a version of ImageMagick installed that is 7.x prior to 7.0.2-0. It is, therefore, affected by a denial of service vulnerability due to a flaw in the ReadSUNImage() function in sun.c that is triggered during the handling of malformed SUN images. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted SUN image, to crash processes linked against the library, resulting in a denial of service condition.

Solution
Upgrade to ImageMagick version 7.0.2-0 or later.
Note that you may need to manually uninstall the vulnerable version from the system.
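
The affected range above (7.x prior to 7.0.2-0) can be checked against an installed version string as in the following added example, which is not the Nessus plugin's own code. The banner lines are constructed samples in the style of ImageMagick's version output, and the function names are hypothetical.

```python
import re

# Fixed release named in the advisory: 7.0.2-0 -> (major, minor, micro, patch)
FIXED = (7, 0, 2, 0)

# Matches "7.0.1-10" with or without the "ImageMagick " prefix of a version banner.
_VERSION_RE = re.compile(r"(?:ImageMagick\s+)?\b(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_version(text):
    """Return (major, minor, micro, patch) as integers, or None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    # A missing "-N" patch suffix is treated as patch level 0 (assumption).
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_affected(text):
    """True if the version is 7.x and older than 7.0.2-0, False if not, None if unknown."""
    v = parse_version(text)
    if v is None:
        return None  # unknown version: do not report the host as clean
    # Compare numerically: as strings, "7.0.10-0" would sort before "7.0.2-0".
    return v[0] == 7 and v < FIXED


# Constructed sample inputs (not taken from a real host).
SAMPLES = [
    "Version: ImageMagick 7.0.1-10 Q16 x64 2016-06-01",  # affected
    "Version: ImageMagick 7.0.2-0 Q16 x64 2016-06-12",   # fixed release
    "Version: ImageMagick 7.0.10-0 Q16 x64",             # later 7.x, not affected
    "Version: ImageMagick 6.9.4-9 Q16 x64",              # outside the 7.x range
    "no version information",                            # unknown
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{is_affected(line)!s:<6} {line}")
```

A result of None means the version could not be determined and the installation still needs a manual check.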