Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2015-8958

Published: 25 August 2016

coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.

Notes

AuthorNote
mdeslaur
This is 0091-Avoid-a-SIGABRT-in-sun-file-handling.patch,
0092-Avoid-a-SIGABRT-in-sun-file-handling.patch,
0093-Avoid-a-SIGABRT-in-sun-file-handling.patch,
0094-Avoid-a-SIGABRT-in-sun-file-handling.patch.

Priority

Low

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package Release Status
imagemagick
Launchpad, Ubuntu, Debian
upstream
Released (8:6.8.9.9-5+deb8u4)
precise
Released (8:6.6.9.7-5ubuntu3.5)
xenial
Released (8:6.8.9.9-7ubuntu5.2)
yakkety
Released (8:6.8.9.9-7ubuntu8.1)
trusty
Released (8:6.7.7.10-6ubuntu3.2)
Patches:
upstream: https://github.com/ImageMagick/ImageMagick/commit/b8f17d08b7418204bf8a05a5c24e87b2fc395b75
upstream: https://github.com/ImageMagick/ImageMagick/commit/1aa0c6dab6dcef4d9bc3571866ae1c1ddbec7d8f
upstream: https://github.com/ImageMagick/ImageMagick/commit/6b4aff0f117b978502ee5bcd6e753c17aec5a961
upstream: https://github.com/ImageMagick/ImageMagick/commit/8ea44b48a182dd46d018f4b4f09a5e2ee9638105

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H