製品・ソフトウェアに関する情報

JVN脆弱性詳細

ImageMagick の coders/viff.c の ReadVIFFImage 関数におけるサービス運用妨害 (DoS) の脆弱性

Title	ImageMagick の coders/viff.c の ReadVIFFImage 関数におけるサービス運用妨害 (DoS) の脆弱性
Summary	ImageMagick の coders/viff.c の ReadVIFFImage 関数には、サービス運用妨害 (セグメンテーション違反) 状態にされる脆弱性が存在します。
Possible impacts	リモートの攻撃者により、巧妙に細工された VIFF ファイルを介して、サービス運用妨害 (セグメンテーション違反) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Jan. 25, 2016, midnight
Registration Date	May 17, 2017, noon
Last Update	May 17, 2017, noon

Affected System

ImageMagick

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-7528	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7528
National Vulnerability Database (NVD)
2	CVE-2016-7528	https://nvd.nist.gov/vuln/detail/CVE-2016-7528

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-125	https://cwe.mitre.org/data/definitions/125.html

ベンダー情報

No	Name	URL
GitHub
1	#99	https://github.com/ImageMagick/ImageMagick/commit/ca0c886abd6d3ef335eb74150cd23b89ebd17135
2	SEGV in coders/viff.c:692:35 #99	https://github.com/ImageMagick/ImageMagick/issues/99
Launchpad
3	Bug #1537425	https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537425
Red Hat Bugzilla
4	Bug 1378760	https://bugzilla.redhat.com/show_bug.cgi?id=1378760

Change Log

No	Changed Details	Date of change
0	[2017年05月17日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2016-7528

Summary	The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.
Publication Date	April 19, 2017, 11:59 p.m.
Registration Date	Jan. 26, 2021, 2:17 p.m.
Last Update	Nov. 21, 2024, 11:58 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:imagemagick:imagemagick::::::::					6.9.4-0

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2016/09/22/2	Mailing List Patch Third Party Advisory
2	http://www.openwall.com/lists/oss-security/2016/09/22/2	Mailing List Patch Third Party Advisory
3	http://www.securityfocus.com/bid/93226	Third Party Advisory VDB Entry
4	http://www.securityfocus.com/bid/93226	Third Party Advisory VDB Entry
5	https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537425	Issue Tracking Third Party Advisory
6	https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537425	Issue Tracking Third Party Advisory
7	https://bugzilla.redhat.com/show_bug.cgi?id=1378760	Issue Tracking Third Party Advisory
8	https://bugzilla.redhat.com/show_bug.cgi?id=1378760	Issue Tracking Third Party Advisory
9	https://github.com/ImageMagick/ImageMagick/commit/7be16a280014f895a951db4948df316a23dabc09	Patch Vendor Advisory
10	https://github.com/ImageMagick/ImageMagick/commit/7be16a280014f895a951db4948df316a23dabc09	Patch Vendor Advisory
11	https://github.com/ImageMagick/ImageMagick/commit/ca0c886abd6d3ef335eb74150cd23b89ebd17135	Patch
12	https://github.com/ImageMagick/ImageMagick/commit/ca0c886abd6d3ef335eb74150cd23b89ebd17135	Patch
13	https://github.com/ImageMagick/ImageMagick/issues/99	Issue Tracking Patch Vendor Advisory
14	https://github.com/ImageMagick/ImageMagick/issues/99	Issue Tracking Patch Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-125	境界外読み取り	https://cwe.mitre.org/data/definitions/125.html