Cyber Security Daily Radar

#cwe-567

共收录 2 条相关安全情报。

← 返回所有主题
INFO EPSS 0%
VULNERABILITY 2026-06-10

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick ...

推荐 3.4
Conf: 50%
CVE-2026-46693

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

💡 影响/原因: 原文内容(由于配额限制,未进行深度 LLM 分析)

🎯 建议动作: 建议根据原文自行评估

来自 NVD
排序因子: Primary 数据源 (+3) | LLM 评分加成 (+0.4)
INFO
ADVISORY 2026-05-22

ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking

推荐 7.4
Conf: 50%
Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64, Magick.NET-Q16-HDRI-arm64, Magick.NET-Q16-HDRI-x64, Magick.NET-Q16-HDRI-x86, Magick.NET-Q16-OpenMP-arm64, Magick.NET-Q16-OpenMP-x64, Magick.NET-Q16-arm64, Magick.NET-Q16-x64, Magick.NET-Q16-x86, Magick.NET-Q8-AnyCPU, Magick.NET-Q8-OpenMP-arm64, Magick.NET-Q8-OpenMP-x64, Magick.NET-Q8-arm64, Magick.NET-Q8-x64, Magick.NET-Q8-x86

An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met.

💡 风险点: 原文内容(由于配额限制,未进行深度 LLM 分析)

🎯 建议动作: 建议根据原文自行评估

来自 GitHub Advisory
排序因子: 有可用补丁/修复方案 (+3) | Secondary 数据源 (+2) | 包含 CVE (+2) | LLM 评分加成 (+0.4)