製品・ソフトウェアに関する情報

JVN脆弱性詳細

ImageMagick の quantum handling code におけるサービス運用妨害 (DoS) の脆弱性

Title	ImageMagick の quantum handling code におけるサービス運用妨害 (DoS) の脆弱性
Summary	ImageMagick の quantum handling コードには、サービス運用妨害 (ゼロ除算エラーおよび境界外書き込み) 状態にされる脆弱性が存在します。
Possible impacts	リモートの攻撃者により、巧妙に細工されたファイルを介して、サービス運用妨害 (ゼロ除算エラーおよび境界外書き込み) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Jan. 30, 2016, midnight
Registration Date	May 17, 2017, noon
Last Update	May 17, 2017, noon

CVSS3.0 : 警告
Score	6.5
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS2.0 : 警告
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:N/A:P

Affected System

ImageMagick

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-7530	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7530
National Vulnerability Database (NVD)
2	CVE-2016-7530	https://nvd.nist.gov/vuln/detail/CVE-2016-7530

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-369	https://cwe.mitre.org/data/definitions/369.html

ベンダー情報

No	Name	URL
GitHub
1	#105	https://github.com/ImageMagick/ImageMagick/commit/c4e63ad30bc42da691f2b5f82a24516dd6b4dc70
2	#110	https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3
3	Fix signature mismatch	https://github.com/ImageMagick/ImageMagick/commit/63346f34f9d19179599b5b256e5e8d3dda46435c
4	out-of-bounds write in ./MagickCore/quantum-private.h:178 #105	https://github.com/ImageMagick/ImageMagick/issues/105
5	SIGFPE, Arithmetic exception in MagickCore/quantum.c:687 #110	https://github.com/ImageMagick/ImageMagick/issues/110
Launchpad
6	Bug #1539053	https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539053
7	Bug #1539067	https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539067
Red Hat Bugzilla
8	Bug 1378762	https://bugzilla.redhat.com/show_bug.cgi?id=1378762

Change Log

No	Changed Details	Date of change
0	[2017年05月17日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2016-7530

Summary	The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.
Publication Date	April 21, 2017, 3:59 a.m.
Registration Date	Jan. 26, 2021, 2:17 p.m.
Last Update	Nov. 21, 2024, 11:58 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:imagemagick:imagemagick::::::::					6.9.4-0

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2016/09/22/2	Mailing List Patch Third Party Advisory
2	http://www.openwall.com/lists/oss-security/2016/09/22/2	Mailing List Patch Third Party Advisory
3	http://www.securityfocus.com/bid/93131	Third Party Advisory VDB Entry
4	http://www.securityfocus.com/bid/93131	Third Party Advisory VDB Entry
5	https://bugs.launchpad.net/bugs/1539053	Issue Tracking Third Party Advisory
6	https://bugs.launchpad.net/bugs/1539053	Issue Tracking Third Party Advisory
7	https://bugs.launchpad.net/bugs/1539067	Issue Tracking Third Party Advisory
8	https://bugs.launchpad.net/bugs/1539067	Issue Tracking Third Party Advisory
9	https://bugzilla.redhat.com/show_bug.cgi?id=1378762	Issue Tracking Patch Third Party Advisory
10	https://bugzilla.redhat.com/show_bug.cgi?id=1378762	Issue Tracking Patch Third Party Advisory
11	https://github.com/ImageMagick/ImageMagick/commit/63346f34f9d19179599b5b256e5e8d3dda46435c	Patch
12	https://github.com/ImageMagick/ImageMagick/commit/63346f34f9d19179599b5b256e5e8d3dda46435c	Patch
13	https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3	Patch
14	https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3	Patch
15	https://github.com/ImageMagick/ImageMagick/commit/c4e63ad30bc42da691f2b5f82a24516dd6b4dc70	Patch
16	https://github.com/ImageMagick/ImageMagick/commit/c4e63ad30bc42da691f2b5f82a24516dd6b4dc70	Patch
17	https://github.com/ImageMagick/ImageMagick/issues/105	Issue Tracking Patch Vendor Advisory
18	https://github.com/ImageMagick/ImageMagick/issues/105	Issue Tracking Patch Vendor Advisory
19	https://github.com/ImageMagick/ImageMagick/issues/110	Issue Tracking Patch Vendor Advisory
20	https://github.com/ImageMagick/ImageMagick/issues/110	Issue Tracking Patch Vendor Advisory

Common Vulnerabilities List