Denial of Service via specially crafted VIFF images
Summary
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service. A flaw was found in ImageMagick. This vulnerability involves a memory leak within the VIFF encoder, a component responsible for handling image files. This action can exhaust available system memory, leading to a denial of service (DoS) where the system becomes unresponsive. Red Hat severity: Low — CVSS 2.9 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-772. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
- < 7.1.2-26
Official advisory · high-confidence parse· fetched 1 hour ago·verify at source
Mitigation
Mitigation steps weren't captured by the parser for this advisory — this is a parsing gap, not a statement that no fix exists. Read the vendor advisory below for the authoritative guidance.
Official advisory · high-confidence parse· fetched 1 hour ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.