CVE-2015-8895
HIGH
ImageMagick 6.9.1-3 and later - Denial of Service via Integer Overflow in Icon Coder
Title source: llm
Description
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.
References (6)
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:1237
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Issue Tracking x_refsource_misc
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/91025
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/06/02/13
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
Scores
CVSS v3: 7.5
EPSS: 0.0147
EPSS Percentile: 81.2%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-190
Status: published
Products (50)
imagemagick/imagemagick 6.9.1-3
imagemagick/imagemagick 6.9.1-4
imagemagick/imagemagick 6.9.1-5
imagemagick/imagemagick 6.9.1-6
imagemagick/imagemagick 6.9.1-7
imagemagick/imagemagick 6.9.1-8
imagemagick/imagemagick 6.9.1-9
imagemagick/imagemagick 6.9.2-0
imagemagick/imagemagick 6.9.2-1
imagemagick/imagemagick 6.9.2-2
... and 40 more
Published: Mar 15, 2017
Tracked Since: Feb 18, 2026