CVE-2017-11524 - Reachable Assertion

Severity

43%

Complexity

86%

Confidentiality

48%

The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.

The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.

CVSS 3.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Demo Examples

Reachable Assertion

CWE-617

In the excerpt below, an AssertionError (an unchecked exception) is thrown if the user hasn't entered an email address in an HTML form.


               assert email != null;

Overview

First reported 7 years ago

2017-07-23 03:29:00

Last updated 5 years ago

2019-10-03 00:03:00

Affected Software

ImageMagick

ImageMagick 7.0.0-0

7.0.0-0

ImageMagick 7.0.1-0

7.0.1-0

ImageMagick 7.0.1-1

7.0.1-1

ImageMagick 7.0.1-2

7.0.1-2

ImageMagick 7.0.1-3

7.0.1-3

ImageMagick 7.0.1-4

7.0.1-4

ImageMagick 7.0.1-5

7.0.1-5

ImageMagick 7.0.1-6

7.0.1-6

ImageMagick 7.0.1-7

7.0.1-7

ImageMagick 7.0.1-8

7.0.1-8

ImageMagick 7.0.1-9

7.0.1-9

ImageMagick 7.0.1-10

7.0.1-10

ImageMagick 7.0.2-0

7.0.2-0

ImageMagick 7.0.2-1

7.0.2-1

ImageMagick 7.0.2-2

7.0.2-2

ImageMagick 7.0.2-3

7.0.2-3

ImageMagick 7.0.2-4

7.0.2-4

ImageMagick 7.0.2-5

7.0.2-5

ImageMagick 7.0.2-6

7.0.2-6

ImageMagick 7.0.2-7

7.0.2-7

ImageMagick 7.0.2-8

7.0.2-8

ImageMagick 7.0.2-9

7.0.2-9

ImageMagick 7.0.2-10

7.0.2-10

ImageMagick 7.0.3-0

7.0.3-0

ImageMagick 7.0.3-1

7.0.3-1

ImageMagick 7.0.3-2

7.0.3-2

ImageMagick 7.0.3-3

7.0.3-3

ImageMagick 7.0.3-4

7.0.3-4

ImageMagick 7.0.3-5

7.0.3-5

ImageMagick 7.0.3-6

7.0.3-6

ImageMagick 7.0.3-7

7.0.3-7

ImageMagick 7.0.3-8

7.0.3-8

ImageMagick 7.0.3-9

7.0.3-9

ImageMagick 7.0.3-10

7.0.3-10

ImageMagick 7.0.4-0

7.0.4-0

ImageMagick 7.0.4-1

7.0.4-1

ImageMagick 7.0.4-2

7.0.4-2

ImageMagick 7.0.4-3

7.0.4-3

ImageMagick 7.0.4-4

7.0.4-4

ImageMagick 7.0.4-5

7.0.4-5

ImageMagick 7.0.4-6

7.0.4-6

ImageMagick 7.0.4-7

7.0.4-7

ImageMagick 7.0.4-8

7.0.4-8

ImageMagick 7.0.4-9

7.0.4-9

ImageMagick 7.0.4-10

7.0.4-10

ImageMagick 7.0.5-0

7.0.5-0

ImageMagick 7.0.5-1

7.0.5-1

ImageMagick 7.0.5-2

7.0.5-2

ImageMagick 7.0.5-3

7.0.5-3

ImageMagick 7.0.5-4

7.0.5-4

ImageMagick 7.0.5-5

7.0.5-5

ImageMagick 7.0.5-6

7.0.5-6

ImageMagick 7.0.5-7

7.0.5-7

ImageMagick 7.0.5-8

7.0.5-8

ImageMagick 7.0.5-9

7.0.5-9

ImageMagick 7.0.5-10

7.0.5-10

References

99934

Third Party Advisory, VDB Entry

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867798

Third Party Advisory

https://github.com/ImageMagick/ImageMagick/issues/506

Exploit, Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.