ImageMagick 6.x < 6.9.6-6 ReadSGIImage() SGI File Handling DoS
High Nessus Plugin ID 95720
Synopsis
An application installed on the remote Windows host is affected by a denial of service vulnerability.
Description
The version of ImageMagick installed on the remote Windows host is 6.x prior to 6.9.6-6. It is, therefore, affected by a denial of service vulnerability due to an out-of-bounds read error in the ReadSGIImage() function within file coders/sgi.c when handling iris info dimensions.
An unauthenticated, remote attacker can exploit this to crash a process linked against the library or possibly disclose memory contents.
Solution
Upgrade to ImageMagick version 6.9.6-6 or later. Note that you may also need to manually uninstall the vulnerable version from the system.
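The version range above (6.x prior to 6.9.6-6) can be checked against the banner each installed copy reports. The following is an added example, not the plugin's own code; it assumes the banner format printed by `identify -version`, and the function names and sample banners are constructed for illustration.

```python
import re

# First fixed release named in the advisory above.
FIXED = (6, 9, 6, 6)

# Release string inside the version banner, e.g. "ImageMagick 6.9.6-5".
_VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_version(banner):
    """Return (major, minor, patch, revision) from a banner, or None."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    # A missing "-N" suffix is treated as revision 0.
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_affected(banner):
    """True if the banner reports a 6.x release older than 6.9.6-6.

    Returns None when no version can be parsed, so the host can be
    queued for manual review instead of being counted as patched.
    """
    version = parse_version(banner)
    if version is None:
        return None
    # The advisory covers the 6.x branch only. Fields are compared as
    # integers: a string comparison would rank "6.9.6-10" below "6.9.6-6".
    return version[0] == 6 and version < FIXED


# Constructed sample banners (not taken from a real host).
SAMPLES = [
    "Version: ImageMagick 6.9.6-5 Q16 x64 2016-11-15 http://www.imagemagick.org",
    "Version: ImageMagick 6.9.6-6 Q16 x64 2016-11-26 http://www.imagemagick.org",
    "Version: ImageMagick 6.9.6-10 Q16 x64 http://www.imagemagick.org",
    "Version: ImageMagick 7.0.3-8 Q16 x64 http://www.imagemagick.org",
    "'identify' is not recognized as an internal or external command",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(is_affected(banner), "<-", banner)
```

Because an upgrade can leave the older copy in place, run the check against the banner from every installed copy rather than only the one on the PATH.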