ImageMagick 7.x < 7.0.3-9 ReadSGIImage() SGI File Handling DoS
High Nessus Plugin ID 95722
Synopsis
An application installed on the remote Windows host is affected by a denial of service vulnerability.
Description
The version of ImageMagick installed on the remote Windows host is 7.x prior to 7.0.3-9. It is, therefore, affected by a denial of service vulnerability due to an out-of-bounds read in the ReadSGIImage() function in coders/sgi.c when handling the image dimensions taken from the iris_info header of an SGI file.
An unauthenticated, remote attacker can exploit this, via a crafted SGI image file, to crash a process linked against the library or possibly disclose memory contents.
Note that CVE-2016-9773 exists due to an incomplete fix for CVE-2016-9556.
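The bug class behind this advisory is a decoder trusting dimensions declared in a file header when it reads pixel data. The following is an added illustration, not ImageMagick's coders/sgi.c or its patch: a bounds-checked reader for the SGI ("iris") header and its RLE scanline encoding, with the layout taken from the public SGI image file format (512-byte big-endian header, verbatim or RLE storage). The struct, function names and the constructed inputs in sgi_demo() are this example's own.

```c
/* Added example, not ImageMagick's code: validate SGI header geometry against the
 * bytes actually present before any pixel data is read. Layout per the public SGI
 * image format: 512-byte big-endian header, then verbatim pixels or RLE tables. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SGI_HEADER_LEN 512u
#define SGI_MAGIC      474u

struct sgi_info {                        /* hypothetical name, not ImageMagick's SGIInfo */
    uint8_t  storage;                    /* 0 = verbatim, 1 = RLE */
    uint8_t  bpc;                        /* bytes per channel: 1 or 2 */
    uint16_t dimension;                  /* 1..3 */
    uint16_t columns, rows, depth;       /* xsize, ysize, zsize */
};

static uint32_t be16(const uint8_t *p) { return ((uint32_t)p[0] << 8) | p[1]; }
static uint32_t be32(const uint8_t *p)
{ return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]; }

/* Parse the header and confirm the declared geometry fits in the len bytes we hold.
 * Returns 0 on success, -1 on malformed or truncated input. */
int sgi_parse_header(const uint8_t *buf, size_t len, struct sgi_info *out)
{
    if (buf == NULL || out == NULL || len < SGI_HEADER_LEN) return -1;
    if (be16(buf) != SGI_MAGIC) return -1;
    out->storage   = buf[2];
    out->bpc       = buf[3];
    out->dimension = (uint16_t)be16(buf + 4);
    out->columns   = (uint16_t)be16(buf + 6);
    out->rows      = (uint16_t)be16(buf + 8);
    out->depth     = (uint16_t)be16(buf + 10);
    if (out->storage > 1 || (out->bpc != 1 && out->bpc != 2)) return -1;
    if (out->dimension < 1 || out->dimension > 3) return -1;
    if (out->columns == 0 || out->rows == 0 || out->depth == 0) return -1;

    /* All fields are 16-bit, so these products cannot overflow a uint64_t. */
    uint64_t body    = (uint64_t)len - SGI_HEADER_LEN;
    uint64_t entries = (uint64_t)out->rows * out->depth;   /* scanlines over all planes */
    if (out->storage == 0)
        return (entries * out->columns * out->bpc <= body) ? 0 : -1;

    /* RLE: a uint32 start-offset table then a uint32 length table, one entry per
     * scanline. Each entry must itself point inside the file. */
    if (entries * 8 > body) return -1;
    const uint8_t *starts = buf + SGI_HEADER_LEN, *lengths = starts + entries * 4;
    for (uint64_t i = 0; i < entries; i++) {
        uint64_t off = be32(starts + i * 4), n = be32(lengths + i * 4);
        if (off > len || n > len - off) return -1;
    }
    return 0;
}

/* Expand one RLE scanline (bpc == 1 form) into out[0..columns). Every read of in[]
 * and write of out[] is range-checked. Returns bytes written, or -1 if malformed. */
long sgi_rle_row(const uint8_t *in, size_t in_len, uint8_t *out, size_t columns)
{
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        uint8_t b = in[ip++], count = b & 0x7f;
        if (count == 0) return (long)op;             /* end-of-row marker */
        if (count > columns - op) return -1;         /* would overrun the output row */
        if (b & 0x80) {                              /* literal run of count bytes */
            if (count > in_len - ip) return -1;      /* would read past the input */
            memcpy(out + op, in + ip, count);
            ip += count;
        } else {                                     /* repeat next byte count times */
            if (ip >= in_len) return -1;
            memset(out + op, in[ip++], count);
        }
        op += count;
    }
    return -1;                                       /* ran off the input, no terminator */
}

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Write a header (buf must hold 512 bytes) declaring the given geometry. */
void sgi_build_header(uint8_t *buf, uint8_t storage, uint8_t bpc,
                      uint16_t cols, uint16_t rows, uint16_t depth)
{
    memset(buf, 0, SGI_HEADER_LEN);
    put16(buf, SGI_MAGIC);
    buf[2] = storage; buf[3] = bpc;
    put16(buf + 4, 3); put16(buf + 6, cols); put16(buf + 8, rows); put16(buf + 10, depth);
}

/* Constructed inputs, not real sample files. Returns 1 when a 2x2 RGB verbatim file
 * is accepted and the same 12 pixel bytes under a header claiming 65535x65535x4 are
 * rejected; 0 otherwise. */
int sgi_demo(void)
{
    uint8_t file[SGI_HEADER_LEN + 12];
    struct sgi_info info;
    sgi_build_header(file, 0, 1, 2, 2, 3);
    memset(file + SGI_HEADER_LEN, 0xAB, 12);
    if (sgi_parse_header(file, sizeof file, &info) != 0) return 0;
    put16(file + 6, 0xFFFF); put16(file + 8, 0xFFFF); put16(file + 10, 4);  /* crafted */
    return sgi_parse_header(file, sizeof file, &info) == -1;
}
```

The check that matters is the comparison of the header-derived byte count against the length of data actually available, done before any index derived from columns, rows or depth touches a buffer; a decoder that allocates from the header and then reads until it has filled that allocation will run off the end of a truncated or crafted file.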
Solution
Upgrade to ImageMagick version 7.0.3-9 or later. Note that you may also need to manually uninstall the vulnerable version from the system.