製品・ソフトウェアに関する情報

JVN脆弱性詳細

ImageMagick の coders/psd.c におけるサービス運用妨害 (DoS) の脆弱性

Title	ImageMagick の coders/psd.c におけるサービス運用妨害 (DoS) の脆弱性
Summary	ImageMagick の coders/psd.c には、サービス運用妨害 (境界外書き込み) 状態にされる脆弱性が存在します。
Possible impacts	リモートの攻撃者により、巧妙に細工された PSD ファイルを介して、サービス運用妨害 (境界外書き込み) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 13, 2016, midnight
Registration Date	May 17, 2017, noon
Last Update	May 17, 2017, noon

Affected System

ImageMagick

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-7535	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7535
National Vulnerability Database (NVD)
2	CVE-2016-7535	https://nvd.nist.gov/vuln/detail/CVE-2016-7535

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-787	https://cwe.mitre.org/data/definitions/787.html

ベンダー情報

No	Name	URL
GitHub
1	out-of-bounds write in coders/psd.c:2225 #128	https://github.com/ImageMagick/ImageMagick/issues/128
Launchpad
2	Bug #1545180	https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545180
Red Hat Bugzilla
3	Bug 1378768	https://bugzilla.redhat.com/show_bug.cgi?id=1378768

Change Log

No	Changed Details	Date of change
0	[2017年05月17日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2016-7535

Summary	coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file.
Publication Date	April 21, 2017, 3:59 a.m.
Registration Date	Jan. 26, 2021, 2:17 p.m.
Last Update	Nov. 21, 2024, 11:58 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:imagemagick:imagemagick::::::::					6.9.4-0

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2016/09/22/2	Mailing List Patch Third Party Advisory
2	http://www.openwall.com/lists/oss-security/2016/09/22/2	Mailing List Patch Third Party Advisory
3	http://www.securityfocus.com/bid/93131	Third Party Advisory VDB Entry
4	http://www.securityfocus.com/bid/93131	Third Party Advisory VDB Entry
5	https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545180	Issue Tracking Third Party Advisory
6	https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545180	Issue Tracking Third Party Advisory
7	https://bugzilla.redhat.com/show_bug.cgi?id=1378768	Issue Tracking Patch
8	https://bugzilla.redhat.com/show_bug.cgi?id=1378768	Issue Tracking Patch
9	https://github.com/ImageMagick/ImageMagick/issues/128	Issue Tracking Patch Vendor Advisory
10	https://github.com/ImageMagick/ImageMagick/issues/128	Issue Tracking Patch Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-787	境界外書き込み	https://cwe.mitre.org/data/definitions/787.html