6.5
CVSSv3

CVE-2017-11448

Published: 19/07/2017 Updated: 28/04/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The ReadJPEGImage function in coders/jpeg.c in ImageMagick prior to 7.0.6-1 allows remote malicious users to obtain sensitive information from uninitialized memory locations via a crafted file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

imagemagick imagemagick

Vendor Advisories

Debian Bug report logs - #867893 imagemagick: CVE-2017-11448 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Mon, 10 Jul 2017 11:39:02 UTC Severity: important Tags: ...
Several security issues were fixed in ImageMagick ...
This updates fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT, TGA, VST, CIN, DIB, MPC, EPT, JNG, DJVU, JPEG, ICO, PALM or MNG files are pro ...
The ReadJPEGImage function in coders/jpegc in ImageMagick before 706-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file ...