CVE-2017-16352
GraphicsMagick - Memory Disclosure / Heap Overflow
Public Exploits: 2
Exploited in Wild: -
Descriptions
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.
GraphicsMagick suffers from memory disclosure and heap overflow vulnerabilities.
SSVC
- Decision: -
Timeline
- 2017-11-01 CVE Reserved
- 2017-11-01 CVE Published
- 2024-02-05 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (9)
URL | Tag | Source
---|---|---
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=7292230dd185 | X_refsource_misc |
http://www.securityfocus.com/bid/101658 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2017/11/msg00002.html | Mailing List |
https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html | Mailing List |

URL | Date | SRC
---|---|---
https://www.exploit-db.com/exploits/43111 | 2024-08-05 |
https://blogs.securiteam.com/index.php/archives/3494 | 2024-08-05 |

URL | Date | SRC
---|---|---
ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/snapshots/ChangeLog.txt | 2023-11-07 |
https://usn.ubuntu.com/4232-1 | 2023-11-07 |
https://www.debian.org/security/2018/dsa-4321 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Graphicsmagick | Graphicsmagick | 1.3.26 | - | Affected
Debian | Debian Linux | 7.0 | - | Affected
Debian | Debian Linux | 8.0 | - | Affected
Debian | Debian Linux | 9.0 | - | Affected