CVE-2017-18229
Ubuntu Security Notice USN-4266-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations.
Se ha descubierto un problema en GraphicsMagick 1.3.26. Se ha encontrado una vulnerabilidad de error de asignación en la función ReadTIFFImage en coders/tiff.c, lo que permite que atacantes provoquen una denegación de servicio (DoS) mediante un archivo manipulado, debido a que el tamaño del archivo no se emplea adecuadamente para restringir las asignaciones scanline, strip y tile.
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-03-13 CVE Reserved
- 2018-03-14 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html | Mailing List |
|
| https://sourceforge.net/p/graphicsmagick/bugs/461 | Release Notes |
| URL | Date | SRC |
|---|---|---|
| http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/752c0b41fa32 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://usn.ubuntu.com/4266-1 | 2020-02-10 | |
| https://www.debian.org/security/2018/dsa-4321 | 2020-02-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Graphicsmagick Search vendor "Graphicsmagick" | Graphicsmagick Search vendor "Graphicsmagick" for product "Graphicsmagick" | 1.3.26 Search vendor "Graphicsmagick" for product "Graphicsmagick" and version "1.3.26" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||