F5 Networks BIG-IP : ImageMagick vulnerabilities (K30403302)
Medium Nessus Plugin ID 95035
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionCVE-2015-8895 Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.
CVE-2015-8896 Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K30403302.