ImageMagick 6.x < 6.9.7-5 / 7.x < 7.0.4-5 tga.c WriteTGAImage() Assertion Failure DoS
Medium Nessus Plugin ID 97891
Synopsis

An application installed on the remote Windows host is affected by a denial of service vulnerability.

Description

The version of ImageMagick installed on the remote Windows host is 6.x prior to 6.9.7-5 or 7.x prior to 7.0.4-5. It is, therefore, affected by a denial of service vulnerability in the WriteTGAImage() function in coders/tga.c due to improper handling of TGA files. An unauthenticated, remote attacker can exploit this, by convincing a user to convert a specially crafted image to a TGA file, to cause a denial of service condition.

Solution

Upgrade to ImageMagick version 6.9.7-5 / 7.0.4-5 or later. Note that you may also need to manually uninstall the vulnerable version from the system.
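
The version ranges above can be checked against the banner an installed copy reports. The following is an added example, not the Nessus plugin's code: the function names are hypothetical, the sample banner is constructed, and it assumes a version with no "-N" suffix means patch level 0.

```python
import re

# Fixed releases named in the advisory, keyed by major branch.
FIXED = {6: (6, 9, 7, 5), 7: (7, 0, 4, 5)}

# Finds the version token in a `magick -version` / `identify -version` banner,
# e.g. "Version: ImageMagick 7.0.4-4 Q16 x64 ...". A bare "6.9.7-5" also matches.
_VERSION_RE = re.compile(r"(?:ImageMagick\s+)?(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_version(text):
    """Return (major, minor, micro, patch) as ints, or None if no version is found."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, micro, patch = m.groups()
    # Assumption: a missing "-N" suffix is treated as patch level 0.
    return (int(major), int(minor), int(micro), int(patch or 0))


def is_affected(text):
    """True if inside the advisory's ranges, False if not, None if unparseable."""
    version = parse_version(text)
    if version is None:
        return None
    fixed = FIXED.get(version[0])
    if fixed is None:
        # The advisory lists only the 6.x and 7.x branches.
        return False
    # Tuple comparison is numeric per field, so 6.9.10-1 sorts after 6.9.7-5.
    return version < fixed


if __name__ == "__main__":
    # Constructed sample banner, in the format ImageMagick prints for -version.
    banner = "Version: ImageMagick 7.0.4-4 Q16 x64 2017-01-14 http://www.imagemagick.org"
    print(parse_version(banner), is_affected(banner))
```

Run the check against every installed copy, since the solution notes that an older version may remain on the system after an upgrade.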