New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
SynopsisAn application installed on the remote Windows host is affected by multiple vulnerabilities.
DescriptionThe version of ImageMagick installed on the remote Windows host is 6.x prior to 6.9.4-3 or 7.x prior to 7.0.1-4. It is, therefore, affected by the following vulnerabilities :
- An out-of-bounds read error exists in the VerticalFilter() function in coders/dds.c due to improper handling of malformed DDS files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted DDS file, to crash processes linked against the library, resulting in a denial of service condition. (CVE-2016-5687)
- An overflow condition exists in the ReadWPGImage() function in coders/wpg.c due to improper validation of user-supplied input when handling WPG files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted WPG file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5688)
- An invalid write error exists in the OpenPixelCache() function in MagickCore/cache.c due to improper handling of resources. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5688)
SolutionUpgrade to ImageMagick version 6.9.4-3 / 7.0.1-4 or later.
Note that you may need to manually uninstall the vulnerable version from the system.