CVE-2015-8896

9 documents8 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 32.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Imagemagick Oracle Linux Redhat Enterprise Linux Desktop +5 more

Timeline

PublishedMar 15

Latest updateMay 13

Description

Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶NVDimagemagick/imagemagick7.0.0-0 — 7.0.5-0+1

▶Debianimagemagick< 8:6.8.9.9-7+3

▶NVDoracle/linux6, 7+1

▶NVDredhat/enterprise_linux_server6.0, 7.0+1

▶NVDredhat/enterprise_linux_desktop6.0, 7.0+1

Also affects: Enterprise Linux 7.2, 7.3, 7.4, 7.5, 7.6, 7.7

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-xq66-cgv3-7wmx: Integer truncation issue in coders/pict↗2022-05-13

▶

OSV

CVE-2015-8896: Integer truncation issue in coders/pict↗2017-03-15

▶

CVEList

CVE-2015-8896: Integer truncation issue in coders/pict↗2017-03-15

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2016-11-21

▶

Red Hat

ImageMagick: Integer truncation vulnerability in coders/pict.c↗2015-04-26

▶

Debian

CVE-2015-8896: imagemagick - Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows r...↗2015

▶

💬Community

Bugzilla

CVE-2015-8896 ImageMagick: Integer truncation vulnerability in coders/pict.c↗2015-10-07

▶

Bugzilla

CVE-2015-8894 CVE-2015-8896 ImageMagick: Double free vulnerabilities in coders/{pict.c,tga.c} [fedora-all]↗2015-10-07

▶