CVE-2005-1739Infinite Loop in Imagemagick

6 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
12.1%
top 6.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ImagemagickDebian ImagemagickGraphicsmagick
Timeline
PublishedMay 24
Latest updateMay 1

Description

The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

debiandebian/imagemagick< imagemagick 6:6.0.6.2-2.4 (bookworm)
Debianimagemagick/imagemagick< 6:6.0.6.2-2.4+3
NVDimagemagick/imagemagick36 versions+35

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-fqg8-v2mm-x3f8: The XWD Decoder in ImageMagick before 62022-05-01
OSV
CVE-2005-1739: The XWD Decoder in ImageMagick before 62005-05-24

📋Vendor Advisories

2
Red Hat
security flaw2005-04-25
Debian
CVE-2005-1739: imagemagick - The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r...2005

💬Community

1
Bugzilla
CVE-2005-1739 security flaw2018-08-16