Base Score

MEDIUM6.5

CVE-2016-7522

The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.

VectorNETWORK

Published Bysecurity@debian.org

Published DateApr 19, 2017, 14:59

Weakness Type (CWE):CWE-125

CVSS Metrics

Base Score

6.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

http://www.openwall.com/lists/oss-security/2016/09/22/2
http://www.securityfocus.com/bid/93131
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537419
https://bugzilla.redhat.com/show_bug.cgi?id=1378751
https://github.com/ImageMagick/ImageMagick/commit/4b1b9c0522628887195bad3a6723f7000b0c9a58
https://github.com/ImageMagick/ImageMagick/issues/93

Base Score

MEDIUM6.5

Weakness Type (CWE):CWE-125

CVSS Metrics

Base Score

6.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH