製品・ソフトウェアに関する情報

JVN脆弱性詳細

ImageMagick の generic decoder におけるサービス運用妨害 (DoS) の脆弱性

Title	ImageMagick の generic decoder におけるサービス運用妨害 (DoS) の脆弱性
Summary	ImageMagick の generic decoder には、サービス運用妨害 (境界外アクセス) 状態にされる脆弱性が存在します。
Possible impacts	リモートの攻撃者により、巧妙に細工されたファイルを介して、サービス運用妨害 (境界外アクセス) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 7, 2016, midnight
Registration Date	May 17, 2017, noon
Last Update	May 17, 2017, noon

Affected System

ImageMagick

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-7534	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7534
National Vulnerability Database (NVD)
2	CVE-2016-7534	https://nvd.nist.gov/vuln/detail/CVE-2016-7534

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-125	https://cwe.mitre.org/data/definitions/125.html

ベンダー情報

No	Name	URL
GitHub
1	#126	https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd
2	out-of-bounds write in ./MagickCore/pixel-accessor.h:839 #126	https://github.com/ImageMagick/ImageMagick/issues/126
Launchpad
3	Bug #1542785	https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542785
Red Hat Bugzilla
4	Bug 1378767	https://bugzilla.redhat.com/show_bug.cgi?id=1378767

Change Log

No	Changed Details	Date of change
0	[2017年05月17日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2016-7534

Summary	The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file.
Publication Date	April 21, 2017, 3:59 a.m.
Registration Date	Jan. 26, 2021, 2:17 p.m.
Last Update	Nov. 21, 2024, 11:58 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:imagemagick:imagemagick::::::::					6.9.4-0

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2016/09/22/2	Mailing List Patch Third Party Advisory
2	http://www.openwall.com/lists/oss-security/2016/09/22/2	Mailing List Patch Third Party Advisory
3	http://www.securityfocus.com/bid/93131	Third Party Advisory VDB Entry
4	http://www.securityfocus.com/bid/93131	Third Party Advisory VDB Entry
5	https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542785	Issue Tracking Third Party Advisory
6	https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542785	Issue Tracking Third Party Advisory
7	https://bugzilla.redhat.com/show_bug.cgi?id=1378767	Issue Tracking Patch Third Party Advisory
8	https://bugzilla.redhat.com/show_bug.cgi?id=1378767	Issue Tracking Patch Third Party Advisory
9	https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd	Patch Third Party Advisory
10	https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd	Patch Third Party Advisory
11	https://github.com/ImageMagick/ImageMagick/issues/126	Issue Tracking Patch Third Party Advisory
12	https://github.com/ImageMagick/ImageMagick/issues/126	Issue Tracking Patch Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-125	境界外読み取り	https://cwe.mitre.org/data/definitions/125.html