Published: 18/07/2017 Updated: 18/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 606

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

It exists that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-10794, CVE-2017-10799, CVE-2017-11102, CVE-2017-11140, CVE-2017-11403, CVE-2017-11636, CVE-2017-11637, CVE-2017-13147, CVE-2017-14042, CVE-2017-6335)

Vulnerable Product	Search on Vulmon	Subscribe to Product
graphicsmagick graphicsmagick 1.3.26

Several security issues were fixed in GraphicsMagick ...

The ReadMNGImage function in coders/pngc in GraphicsMagick 1326 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file (CVE-2017-1000061) ...

Debian Bug report logs - #870157 graphicsmagick: CVE-2017-11643 Package: graphicsmagick; Maintainer for graphicsmagick is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Source for graphicsmagick is src:graphicsmagick (PTS, buildd, popcon) Reported by: Markus Koschany <apo@debianorg> Date: Sun, 30 Jul 2017 14:21:02 UTC ...

Debian Bug report logs - #870149 graphicsmagick: CVE-2017-11636 Package: graphicsmagick; Maintainer for graphicsmagick is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Source for graphicsmagick is src:graphicsmagick (PTS, buildd, popcon) Reported by: Markus Koschany <apo@debianorg> Date: Sun, 30 Jul 2017 14:21:02 UTC ...

Debian Bug report logs - #870153 graphicsmagick: CVE-2017-11637 Package: graphicsmagick; Maintainer for graphicsmagick is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Source for graphicsmagick is src:graphicsmagick (PTS, buildd, popcon) Reported by: Markus Koschany <apo@debianorg> Date: Sun, 30 Jul 2017 14:21:02 UTC ...

Debian Bug report logs - #870156 graphicsmagick: CVE-2017-11642 Package: graphicsmagick; Maintainer for graphicsmagick is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Source for graphicsmagick is src:graphicsmagick (PTS, buildd, popcon) Reported by: Markus Koschany <apo@debianorg> Date: Sun, 30 Jul 2017 14:21:02 UTC ...

Debian Bug report logs - #870155 graphicsmagick: CVE-2017-11641 Package: graphicsmagick; Maintainer for graphicsmagick is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Source for graphicsmagick is src:graphicsmagick (PTS, buildd, popcon) Reported by: Markus Koschany <apo@debianorg> Date: Sun, 30 Jul 2017 14:21:02 UTC ...

Debian Bug report logs - #870154 graphicsmagick: CVE-2017-11638 Package: graphicsmagick; Maintainer for graphicsmagick is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Source for graphicsmagick is src:graphicsmagick (PTS, buildd, popcon) Reported by: Markus Koschany <apo@debianorg> Date: Sun, 30 Jul 2017 14:21:02 UTC ...

The ReadMNGImage function in coders/pngc in GraphicsMagick before 1327 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file ...

CWE-416 https://blogs.gentoo.org/ago/2017/07/12/graphicsmagick-use-after-free-in-closeblob-blob-c/http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37 https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://www.debian.org/security/2018/dsa-4321 https://usn.ubuntu.com/4206-1/https://usn.ubuntu.com/4206-1/https://nvd.nist.gov

CVE-2017-11403

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect