ImageMagick 6.x < 6.9.7-9 / 7.x < 7.0.4-10 webp.c ReadWEBPImage() File Descriptor Exhaustion DoS
Medium Nessus Plugin ID 97890
Synopsis
An application installed on the remote Windows host is affected by a denial of service vulnerability.

Description
The version of ImageMagick installed on the remote Windows host is 6.x prior to 6.9.7-9 or 7.x prior to 7.0.4-10. It is, therefore, affected by a denial of service vulnerability in the ReadWEBPImage() function in coders/webp.c due to improper handling of WEBP files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted WEBP file, to exhaust available file descriptors and cause a denial of service condition.

Solution
Upgrade to ImageMagick version 6.9.7-9 / 7.0.4-10 or later. Note that you may also need to manually uninstall the vulnerable version from the system.
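
The affected ranges above can be checked against the version banner an installation reports. The following is an added example, not the Nessus plugin's own code; it assumes the banner has the form `ImageMagick X.Y.Z-P` (as in the first line of `magick -version` output), and the sample banners are constructed.

```python
import re

# Fixed releases named in the advisory, keyed by major version.
FIXED = {6: (6, 9, 7, 9), 7: (7, 0, 4, 10)}

# Matches e.g. "ImageMagick 7.0.4-9"; the "-P" patch suffix is optional.
BANNER_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_version(banner):
    """Return (major, minor, micro, patch) from a version banner, or None."""
    m = BANNER_RE.search(banner)
    if m is None:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def classify(banner):
    """Return 'affected', 'fixed', 'not-covered' or 'unparsed'."""
    version = parse_version(banner)
    if version is None:
        return "unparsed"
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "not-covered"  # the advisory only speaks about 6.x and 7.x
    # Numeric tuple comparison: 7.0.10-2 sorts after 7.0.4-10, which a
    # plain string comparison would get wrong.
    return "affected" if version < fixed else "fixed"


# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "Version: ImageMagick 6.9.7-8 Q16 x64",
    "Version: ImageMagick 6.9.7-9 Q16 x64",
    "Version: ImageMagick 7.0.4-9 Q16 x64",
    "Version: ImageMagick 7.0.4-10 Q16 x64",
    "Version: ImageMagick 7.0.10-2 Q16 x64",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify(line):12} {line}")
```

Because the solution notes that a vulnerable copy may remain after upgrading, run the check against every installed copy rather than only the one on the PATH.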