Vulnerability Details : CVE-2017-6498
An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2017-6498
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.9.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-6498
- 0.20%: Probability of exploitation activity in the next 30 days
- ~ 57 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-6498
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2017-6498
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-6498
- https://github.com/ImageMagick/ImageMagick/commit/65f75a32a93ae4044c528a987a68366ecd4b46b9
  https://github.com/ImageMagick/ImageMagick/pull/359 · ImageMagick/ImageMagick@65f75a3 · GitHub (Patch)
- https://github.com/ImageMagick/ImageMagick/pull/359
  Fix variable reuse confusion in WriteTGAImage causing assertion failure by Javantea · Pull Request #359 · ImageMagick/ImageMagick · GitHub (Patch; Third Party Advisory)
- https://bugs.debian.org/856878
  #856878 - CVE-2017-6498: TGA files could trigger assertion failures - Debian Bug report logs (Issue Tracking; Mailing List; Third Party Advisory)
- http://www.debian.org/security/2017/dsa-3808
  Debian -- Security Information -- DSA-3808-1 imagemagick (Third Party Advisory)
- http://www.securityfocus.com/bid/96591
  ImageMagick CVE-2017-6498 Local Denial of Service Vulnerability (Third Party Advisory; VDB Entry)