CVE-2015-8895

Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2016/06/02/13	Mailing List Patch Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securityfocus.com/bid/91025	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2016:1237
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747	Issue Tracking
https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734	Issue Tracking Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/02/13	Mailing List Patch Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securityfocus.com/bid/91025	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2016:1237
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747	Issue Tracking
https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734	Issue Tracking Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:imagemagick:imagemagick:6.9.1-3:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.1-4:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.1-5:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.1-6:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.1-7:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.1-8:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.1-9:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.2-0:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.2-1:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.2-2:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.2-3:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.2-4:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.2-5:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.2-6:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.2-7:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.2-8:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.2-9:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.2-10:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.3-0:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.3-1:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.3-2:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.3-3:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.3-4:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.3-5:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.3-6:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.3-7:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.3-8:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.3-9:::::::*
	cpe:2.3:a:imagemagick:imagemagick:6.9.3-10:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.1-7:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.1-8:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.1-9:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.1-10:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.2-0:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.2-1:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.2-2:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.2-3:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.2-4:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.2-5:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.2-6:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.2-7:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.2-8:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.2-9:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.2-10:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.3-0:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.3-1:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.3-2:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.3-3:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.3-4:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.3-5:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.3-6:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.3-7:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.3-8:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.3-9:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.3-10:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.4-0:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.4-1:::::::*
cpe:2.3:a:imagemagick:imagemagick:7.0.4-2:::::::*
cpe:2.3:a:imagemagick:imagemagick:7.0.4-3:::::::*
cpe:2.3:a:imagemagick:imagemagick:7.0.4-4:::::::*
cpe:2.3:a:imagemagick:imagemagick:7.0.4-5:::::::*
cpe:2.3:a:imagemagick:imagemagick:7.0.4-6:::::::*
cpe:2.3:a:imagemagick:imagemagick:7.0.4-7:::::::*
cpe:2.3:a:imagemagick:imagemagick:7.0.4-8:::::::*
cpe:2.3:a:imagemagick:imagemagick:7.0.4-9:::::::*
cpe:2.3:a:imagemagick:imagemagick:7.0.4-10:::::::*
cpe:2.3:a:imagemagick:imagemagick:7.0.5-0:::::::*

History

21 Nov 2024, 02:39

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2016/06/02/13 - Mailing List, Patch, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2016/06/02/13 - Mailing List, Patch, Third Party Advisory
References	~~() http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html -~~	() http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html -
References	~~() http://www.securityfocus.com/bid/91025 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/91025 - Third Party Advisory, VDB Entry
References	~~() https://access.redhat.com/errata/RHSA-2016:1237 -~~	() https://access.redhat.com/errata/RHSA-2016:1237 -
References	~~() https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747 - Issue Tracking~~	() https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747 - Issue Tracking
References	~~() https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734 - Issue Tracking, Patch, Third Party Advisory~~	() https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734 - Issue Tracking, Patch, Third Party Advisory

Information

Published : 2017-03-15 19:59

Updated : 2024-11-21 02:39

NVD link : CVE-2015-8895

Mitre link : CVE-2015-8895

CVE.ORG link : CVE-2015-8895

JSON object : View

Products Affected

imagemagick

imagemagick

CWE

CWE-190

Integer Overflow or Wraparound

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2015-8895

7.5^/10

5.0^/10

Attach tags to `CVE-2015-8895`