ImageMagick 7.x < 7.0.3-6 WaveletDenoiseImage() Heap Buffer Overflow RCE
High Nessus Plugin ID 95319
Synopsis: An application installed on the remote Windows host is affected by a remote code execution vulnerability.
Description: The version of ImageMagick installed on the remote Windows host is 7.x prior to 7.0.3-6. It is, therefore, affected by a heap buffer overflow condition in the WaveletDenoiseImage() function in the file MagickCore/fx.c. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
Solution: Upgrade to ImageMagick version 7.0.3-6 or later. Note that you may also need to manually uninstall the vulnerable version from the system.
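A way to confirm the remediation, written as an added example and not taken from the Nessus plugin: it checks version banners from every ImageMagick copy on a host against the range stated above, since an upgrade can leave the old installation in place. The install paths, banner strings and function names are constructed for illustration.

```python
import re

# First fixed release, per the advisory: 7.x prior to 7.0.3-6 is affected.
FIXED = (7, 0, 3, 6)
BANNER_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, micro, patch) from a version banner, or None."""
    m = BANNER_RE.search(banner)
    return tuple(int(g) for g in m.groups()) if m else None


def is_affected(banner):
    """True/False for a parsed version, None when the version is unknown.

    Only the range named in this advisory is tested; a 6.x build is outside
    that range and returns False here without being assessed further.
    """
    v = parse_version(banner)
    if v is None:
        return None
    # Integer tuples, so 7.0.3-10 sorts after 7.0.3-6 (a string compare would not).
    return v[0] == 7 and v < FIXED


def audit(installs):
    """installs maps path -> banner. Return paths that still need attention:
    affected copies plus any whose version could not be determined."""
    return sorted(p for p, b in installs.items() if is_affected(b) is not False)


# Constructed sample: a host where the upgrade left the old copy installed.
SAMPLE = {
    r"C:\Program Files\ImageMagick-7.0.3-5-Q16": "Version: ImageMagick 7.0.3-5 Q16 x64",
    r"C:\Program Files\ImageMagick-7.0.3-10-Q16": "Version: ImageMagick 7.0.3-10 Q16 x64",
    r"C:\Tools\im": "no banner captured",
}

if __name__ == "__main__":
    for path in audit(SAMPLE):
        print("needs attention:", path)
```
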