CVE-2016-10068

moderate-risk

Published 2017-03-02

The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.

Do I need to act?

0.81% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (3)

Leap

Imagemagick

Affected Vendors

Opensuse Imagemagick Opensuse Project

References (14)

Third Party Advisory http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html

Third Party Advisory http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html

Mailing List http://www.openwall.com/lists/oss-security/2016/12/26/9

Third Party Advisory http://www.securityfocus.com/bid/95219

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1410500

Patch https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92...

Patch https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797

Third Party Advisory http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html

Third Party Advisory http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html

Mailing List http://www.openwall.com/lists/oss-security/2016/12/26/9

Third Party Advisory http://www.securityfocus.com/bid/95219

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1410500

Patch https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92...

Patch https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 3/34 · Minimal

Exposure 9/34 · Low