CVE-2017-6500 Information

Description

An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Reference

http://www.debian.org/security/2017/dsa-3808 http://www.securityfocus.com/bid/96592 https://bugs.debian.org/856879 https://github.com/ImageMagick/ImageMagick/commit/3007531bfd326c5c1e29cd41d2cd80c166de8528 https://github.com/ImageMagick/ImageMagick/issues/375 https://github.com/ImageMagick/ImageMagick/issues/376

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.5