CVE-2017-12434
Debian Security Advisory 4019-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.
Se ha encontrado una vulnerabilidad de falta de comprobación NULL en ImageMagick 7.0.6-1, en la función ReadMATImage en coders/mat.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio (fallo de aserción) en DestroyImageInfo en image.c.
This update fixes several vulnerabilities in imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-08-04 CVE Reserved
- 2017-08-04 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-617: Reachable Assertion
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/ImageMagick/ImageMagick/issues/547 | 2019-10-03 |
| URL | Date | SRC |
|---|---|---|
| https://www.debian.org/security/2017/dsa-4019 | 2019-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Imagemagick Search vendor "Imagemagick" | Imagemagick Search vendor "Imagemagick" for product "Imagemagick" | 7.0.6-1 Search vendor "Imagemagick" for product "Imagemagick" and version "7.0.6-1" | - |
Affected
| ||||||