製品・ソフトウェアに関する情報

JVN脆弱性詳細

ImageMagick の magick/profile.c におけるサービス運用妨害 (DoS) の脆弱性

Title	ImageMagick の magick/profile.c におけるサービス運用妨害 (DoS) の脆弱性
Summary	ImageMagick の magick/profile.c には、サービス運用妨害 (セグメンテーション違反) 状態にされる脆弱性が存在します。
Possible impacts	リモートの攻撃者により、巧妙に細工されたプロファイルを介して、サービス運用妨害 (セグメンテーション違反) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 14, 2016, midnight
Registration Date	May 17, 2017, noon
Last Update	May 17, 2017, noon

Affected System

ImageMagick

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-7536	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7536
National Vulnerability Database (NVD)
2	CVE-2016-7536	https://nvd.nist.gov/vuln/detail/CVE-2016-7536

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
GitHub
1	Fixed SEGV reported in #130	https://github.com/ImageMagick/ImageMagick/commit/478cce544fdf1de882d78381768458f397964453
2	SEGV in ImageMagick/MagickCore/locale.c:1517 #130	https://github.com/ImageMagick/ImageMagick/issues/130
Launchpad
3	Bug #1545367	https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545367
Red Hat Bugzilla
4	Bug 1378772	https://bugzilla.redhat.com/show_bug.cgi?id=1378772

Change Log

No	Changed Details	Date of change
0	[2017年05月17日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2016-7536

Summary	magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile.
Publication Date	April 21, 2017, 3:59 a.m.
Registration Date	Jan. 26, 2021, 2:17 p.m.
Last Update	Nov. 21, 2024, 11:58 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:imagemagick:imagemagick::::::::					6.9.4-0

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2016/09/22/2	Mailing List Patch Third Party Advisory
2	http://www.openwall.com/lists/oss-security/2016/09/22/2	Mailing List Patch Third Party Advisory
3	http://www.securityfocus.com/bid/93225	Third Party Advisory VDB Entry
4	http://www.securityfocus.com/bid/93225	Third Party Advisory VDB Entry
5	https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545367	Issue Tracking Third Party Advisory
6	https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545367	Issue Tracking Third Party Advisory
7	https://bugzilla.redhat.com/show_bug.cgi?id=1378772	Issue Tracking Third Party Advisory
8	https://bugzilla.redhat.com/show_bug.cgi?id=1378772	Issue Tracking Third Party Advisory
9	https://github.com/ImageMagick/ImageMagick/commit/02dadf116124cfba35d7ebd9ced3e5ad0be0f176	Patch Third Party Advisory
10	https://github.com/ImageMagick/ImageMagick/commit/02dadf116124cfba35d7ebd9ced3e5ad0be0f176	Patch Third Party Advisory
11	https://github.com/ImageMagick/ImageMagick/commit/478cce544fdf1de882d78381768458f397964453	Patch
12	https://github.com/ImageMagick/ImageMagick/commit/478cce544fdf1de882d78381768458f397964453	Patch
13	https://github.com/ImageMagick/ImageMagick/issues/130	Issue Tracking Patch Vendor Advisory
14	https://github.com/ImageMagick/ImageMagick/issues/130	Issue Tracking Patch Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html