製品・ソフトウェアに関する情報

JVN脆弱性詳細

ImageMagick の coders/rgf.c におけるサービス運用妨害 (DoS) の脆弱性

Title	ImageMagick の coders/rgf.c におけるサービス運用妨害 (DoS) の脆弱性
Summary	ImageMagick の coders/rgf.c には、サービス運用妨害 (表明違反) 状態にされる脆弱性が存在します。
Possible impacts	リモートの攻撃者により、画像を rgf 形式に変換されることで、サービス運用妨害 (表明違反) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Jan. 19, 2016, midnight
Registration Date	May 17, 2017, noon
Last Update	May 17, 2017, noon

Affected System

ImageMagick

ImageMagick 6.9.4-10 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-7540	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7540
National Vulnerability Database (NVD)
2	CVE-2016-7540	https://nvd.nist.gov/vuln/detail/CVE-2016-7540

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-19	https://cwe.mitre.org/data/definitions/19.html

ベンダー情報

No	Name	URL
GitHub
1	Fix abort when writing to rgf format	https://github.com/ImageMagick/ImageMagick/commit/a0108a892f9ea3c2bb1e7a49b7d71376c2ecbff7
2	Fix abort when writing to rgf format #223	https://github.com/ImageMagick/ImageMagick/pull/223
Launchpad
3	Bug #1594060	https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1594060
Red Hat Bugzilla
4	Bug 1378777	https://bugzilla.redhat.com/show_bug.cgi?id=1378777

Change Log

No	Changed Details	Date of change
0	[2017年05月17日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2016-7540

Summary	coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format.
Publication Date	April 21, 2017, 3:59 a.m.
Registration Date	Jan. 26, 2021, 2:17 p.m.
Last Update	Nov. 21, 2024, 11:58 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:imagemagick:imagemagick::::::::			6.9.4-9

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2016/09/22/2	Mailing List Patch Third Party Advisory
2	http://www.openwall.com/lists/oss-security/2016/09/22/2	Mailing List Patch Third Party Advisory
3	http://www.securityfocus.com/bid/93228	Third Party Advisory VDB Entry
4	http://www.securityfocus.com/bid/93228	Third Party Advisory VDB Entry
5	https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1594060	Issue Tracking Third Party Advisory
6	https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1594060	Issue Tracking Third Party Advisory
7	https://bugzilla.redhat.com/show_bug.cgi?id=1378777	Issue Tracking Patch Third Party Advisory
8	https://bugzilla.redhat.com/show_bug.cgi?id=1378777	Issue Tracking Patch Third Party Advisory
9	https://github.com/ImageMagick/ImageMagick/commit/a0108a892f9ea3c2bb1e7a49b7d71376c2ecbff7	Patch
10	https://github.com/ImageMagick/ImageMagick/commit/a0108a892f9ea3c2bb1e7a49b7d71376c2ecbff7	Patch
11	https://github.com/ImageMagick/ImageMagick/pull/223	Issue Tracking Patch Vendor Advisory
12	https://github.com/ImageMagick/ImageMagick/pull/223	Issue Tracking Patch Vendor Advisory

Common Vulnerabilities List