Denial of Service via heap use-after-free vulnerability
Summary
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service. A flaw was found in ImageMagick. This ImageMagick flaw is rated as Low impact. The impact is limited to availability, and the attack requires specific conditions, making successful exploitation less probable in typical Red Hat deployments unless processing untrusted images. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-825. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
- < 7.1.2-15
- < 6.9.13-40
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation checklist
- Since this vulnerability is isolated entirely within ImageMagick's meta coder, the mitigation is to disable that specific coder.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.