CVE-2017-17681
MEDIUM
6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
HIGH
7,1
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: none
Integrity: none
Availability: complete
Description
AI Translation Available
In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0046
Percentile
0,6th
Updated
EPSS Score Trend (Last 90 Days)
835
Loop with Unreachable Exit Condition ('Infinite Loop')
IncompleteCommon Consequences
Security Scopes Affected:
Availability
Potential Impacts:
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Dos: Amplification
Applicable Platforms
All platforms may be affected
Operating System
Ubuntu Linux by Canonical
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Imagemagick by Imagemagick
CPE Identifier
View Detailed Analysis
cpe:2.3:a:imagemagick:imagemagick:7.0.7-12:q16:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ubuntu Linux by Canonical
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ubuntu Linux by Canonical
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ubuntu Linux by Canonical
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/ImageMagick/ImageMagick/issues/869
https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html
https://usn.ubuntu.com/3681-1/
http://www.securityfocus.com/bid/102206
https://github.com/ImageMagick/ImageMagick/issues/869
https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html
https://usn.ubuntu.com/3681-1/
http://www.securityfocus.com/bid/102206