#VU834 Denial of service - CVE-2016-7799

Cybersecurity Help s.r.o.

Published: 2016-10-08 | Updated: 2016-10-11

Vulnerability identifier: #VU834

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-7799

CWE-ID: CWE-122

Exploitation vector: Network

Exploit availability: No

Description
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the vulnerable system.
The weakness exists due to buffer over read caused by malicious file and allowing attackers to cause the affected application to crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.

Mitigation
Update to version 6.9.6.0-1.

External links
https://access.redhat.com/security/cve/CVE-2016-7799

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for ImageMagick

Denial of service in imagemagick (Alpine package)

Arch Linux update for imagemagick