Base Score

CRITICAL9.8

CVE-2016-10145

Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.

VectorNETWORK

Published Bysecurity@debian.org

Published DateMar 24, 2017, 15:59

Weakness Type (CWE):CWE-189

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

http://www.debian.org/security/2017/dsa-3799
http://www.openwall.com/lists/oss-security/2017/01/16/6
http://www.openwall.com/lists/oss-security/2017/01/17/5
http://www.securityfocus.com/bid/95749
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851483
https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9
https://security.gentoo.org/glsa/201702-09

Base Score

CRITICAL9.8

Weakness Type (CWE):CWE-189

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH