CVE-2017-12671
Debian Security Advisory 4019-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service.
Se ha encontrado un problema de falta de asignación NULL en ImageMagick 7.0.6-3 en coders/mat.c, que conduce a una liberación no válida (invalid free) en la función DestroyImage en MagickCore/image.c. Esto provoca que los atacantes puedan causar denegaciones de servicio.
This update fixes several vulnerabilities in imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-08-07 CVE Reserved
- 2017-08-07 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/ImageMagick/ImageMagick/issues/621 | 2017-11-07 |
| URL | Date | SRC |
|---|---|---|
| https://www.debian.org/security/2017/dsa-4019 | 2017-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Imagemagick Search vendor "Imagemagick" | Imagemagick Search vendor "Imagemagick" for product "Imagemagick" | 7.0.6-3 Search vendor "Imagemagick" for product "Imagemagick" and version "7.0.6-3" | - |
Affected
| ||||||