Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2017-11523

Published: 22/07/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 632
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Subscribe to Imagemagick

Vulnerability Summary

The ReadTXTImage function in coders/txt.c in ImageMagick up to and including 6.9.9-0 and 7.x up to and including 7.0.6-1 allows remote malicious users to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

imagemagick imagemagick 7.0.0-0

imagemagick imagemagick 7.0.1-0

imagemagick imagemagick 7.0.1-7

imagemagick imagemagick 7.0.1-8

imagemagick imagemagick 7.0.1-3

imagemagick imagemagick 7.0.1-4

imagemagick imagemagick 7.0.2-0

imagemagick imagemagick 7.0.2-1

imagemagick imagemagick 7.0.2-2

imagemagick imagemagick 7.0.2-9

imagemagick imagemagick 7.0.2-10

imagemagick imagemagick 7.0.3-6

imagemagick imagemagick 7.0.3-7

imagemagick imagemagick 7.0.4-4

imagemagick imagemagick 7.0.4-5

imagemagick imagemagick 7.0.5-1

imagemagick imagemagick 7.0.5-4

imagemagick imagemagick 7.0.1-1

imagemagick imagemagick 7.0.1-2

imagemagick imagemagick 7.0.1-9

imagemagick imagemagick 7.0.1-10

imagemagick imagemagick 7.0.2-7

imagemagick imagemagick 7.0.2-8

imagemagick imagemagick 7.0.3-4

imagemagick imagemagick 7.0.3-5

imagemagick imagemagick 7.0.4-1

imagemagick imagemagick 7.0.4-2

imagemagick imagemagick 7.0.4-3

imagemagick imagemagick 7.0.4-10

imagemagick imagemagick 7.0.5-0

imagemagick imagemagick 7.0.6-1

imagemagick imagemagick

imagemagick imagemagick 7.0.2-5

imagemagick imagemagick 7.0.2-6

imagemagick imagemagick 7.0.3-2

imagemagick imagemagick 7.0.3-3

imagemagick imagemagick 7.0.3-10

imagemagick imagemagick 7.0.4-0

imagemagick imagemagick 7.0.4-8

imagemagick imagemagick 7.0.4-9

imagemagick imagemagick 7.0.5-7

imagemagick imagemagick 7.0.5-8

imagemagick imagemagick 7.0.1-5

imagemagick imagemagick 7.0.1-6

imagemagick imagemagick 7.0.2-3

imagemagick imagemagick 7.0.2-4

imagemagick imagemagick 7.0.3-0

imagemagick imagemagick 7.0.3-1

imagemagick imagemagick 7.0.3-8

imagemagick imagemagick 7.0.3-9

imagemagick imagemagick 7.0.4-6

imagemagick imagemagick 7.0.4-7

imagemagick imagemagick 7.0.5-5

imagemagick imagemagick 7.0.5-6

Vendor Advisories

Red Hat: CVE-2017-11523
The ReadTXTImage function in coders/txtc in ImageMagick through 699-0 and 7x through 706-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-11523: endless loop in ReadTXTImage
Debian Bug report logs - #869210 imagemagick: CVE-2017-11523: endless loop in ReadTXTImage Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Fri, 21 Jul 2017 15:39:02 U ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-13145
Debian Bug report logs - #869830 imagemagick: CVE-2017-13145 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Wed, 26 Jul 2017 20:51:02 UTC Severity: important Tags: ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-13658
Debian Bug report logs - #870019 imagemagick: CVE-2017-13658 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Fri, 28 Jul 2017 22:33:02 UTC Severity: important Tags: ...
Debian CVElist Bug Report Logs: CVE-2017-11535: heap based overflow in ps.c
Debian Bug report logs - #869827 CVE-2017-11535: heap based overflow in psc Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Wed, 26 Jul 2017 20:30:01 UTC Severity: ...
Debian CVElist Bug Report Logs: CVE-2017-11537: palm fpe
Debian Bug report logs - #869712 CVE-2017-11537: palm fpe Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Tue, 25 Jul 2017 20:36:01 UTC Severity: important Tags: sec ...
Debian CVElist Bug Report Logs: CVE-2017-11536 memory leak in jp2 coder
Debian Bug report logs - #869831 CVE-2017-11536 memory leak in jp2 coder Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Wed, 26 Jul 2017 21:03:02 UTC Severity: impo ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-12670
Debian Bug report logs - #870020 imagemagick: CVE-2017-12670 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Fri, 28 Jul 2017 22:33:07 UTC Severity: important Tags: ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-12675
Debian Bug report logs - #870022 imagemagick: CVE-2017-12675 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Fri, 28 Jul 2017 22:36:07 UTC Severity: important Tags: ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-12431: use after free in ReadWMFImage
Debian Bug report logs - #869715 imagemagick: CVE-2017-12431: use after free in ReadWMFImage Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Tue, 25 Jul 2017 20:45:09 ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-12664
Debian Bug report logs - #869721 imagemagick: CVE-2017-12664 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Tue, 25 Jul 2017 21:33:01 UTC Severity: important Tags: ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-12564: memory leak in mat file handler
Debian Bug report logs - #870017 imagemagick: CVE-2017-12564: memory leak in mat file handler Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Fri, 28 Jul 2017 22:03:0 ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-13146
Debian Bug report logs - #870013 imagemagick: CVE-2017-13146 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Fri, 28 Jul 2017 21:39:02 UTC Severity: important Tags: ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-12434: assertion failed in DestroyImageInfo
Debian Bug report logs - #870014 imagemagick: CVE-2017-12434: assertion failed in DestroyImageInfo Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Fri, 28 Jul 2017 22 ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-11724: memory leak in mat coder
Debian Bug report logs - #870023 imagemagick: CVE-2017-11724: memory leak in mat coder Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Fri, 28 Jul 2017 22:36:12 UTC ...
Debian CVElist Bug Report Logs: CVE-2017-11534: wmf memory leak
Debian Bug report logs - #869711 CVE-2017-11534: wmf memory leak Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Tue, 25 Jul 2017 20:33:04 UTC Severity: important Ta ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-13143
Debian Bug report logs - #870012 imagemagick: CVE-2017-13143 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Fri, 28 Jul 2017 21:36:01 UTC Severity: important Tags: ...
Debian CVElist Bug Report Logs: CVE-2017-11532: memory leak in coders/mpc.c.
Debian Bug report logs - #869726 CVE-2017-11532: memory leak in coders/mpcc Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Tue, 25 Jul 2017 21:57:02 UTC Severity: ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-12672
Debian Bug report logs - #870021 imagemagick: CVE-2017-12672 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Fri, 28 Jul 2017 22:36:01 UTC Severity: important Tags: ...
Debian CVElist Bug Report Logs: CVE-2017-11531: Memory Leak in coders/histogram.c.
Debian Bug report logs - #869725 CVE-2017-11531: Memory Leak in coders/histogramc Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Tue, 25 Jul 2017 21:51:02 UTC Sev ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-12430: Memory exhaustion in mpc coder
Debian Bug report logs - #869727 imagemagick: CVE-2017-12430: Memory exhaustion in mpc coder Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Tue, 25 Jul 2017 22:06:01 ...
Debian CVElist Bug Report Logs: CVE-2017-11533: heap buffer overflow in uil coder
Debian Bug report logs - #869834 CVE-2017-11533: heap buffer overflow in uil coder Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Wed, 26 Jul 2017 21:15:05 UTC Seve ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-12667
Debian Bug report logs - #870015 imagemagick: CVE-2017-12667 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Fri, 28 Jul 2017 22:00:06 UTC Severity: important Tags: ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-12642
Debian Bug report logs - #869796 imagemagick: CVE-2017-12642 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Wed, 26 Jul 2017 14:15:02 UTC Severity: important Tags: ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-11446
Debian Bug report logs - #868950 imagemagick: CVE-2017-11446 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 19 Jul 2017 19:09:01 UTC Severity: important Tags: fixed-u ...
Debian CVElist Bug Report Logs: Memory-Leak in ReadMATImage()
Debian Bug report logs - #870016 Memory-Leak in ReadMATImage() Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Fri, 28 Jul 2017 22:00:11 UTC Severity: important Tags ...
Debian CVElist Bug Report Logs: Imagemagick: memory leak in quantize
Debian Bug report logs - #869722 Imagemagick: memory leak in quantize Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Tue, 25 Jul 2017 21:33:07 UTC Severity: importa ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-9500: assertion failed in ResetImageProfileIterator
Debian Bug report logs - #867778 imagemagick: CVE-2017-9500: assertion failed in ResetImageProfileIterator Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 9 Jul 2017 1 ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2017-13144
Debian Bug report logs - #869728 imagemagick: CVE-2017-13144 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Tue, 25 Jul 2017 22:09:01 UTC Severity: serious Tags: se ...

References

CWE-835https://github.com/ImageMagick/ImageMagick/issues/591https://github.com/ImageMagick/ImageMagick/commit/a8f9c2aabed37cd6a728532d1aed13ae0f3dfd78https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078https://bugs.debian.org/869210https://www.debian.org/security/2017/dsa-4019https://lists.debian.org/debian-lts-announce/2019/05/msg00015.htmlhttps://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2017-11523
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook