CVE-2017-13139

Published: 23/08/2017 Updated: 14/10/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In ImageMagick prior to 6.9.9-0 and 7.x prior to 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.

Vulnerable Product

imagemagick imagemagick 7.0.5-2

imagemagick imagemagick 7.0.5-3

imagemagick imagemagick 7.0.4-0

imagemagick imagemagick 7.0.4-1

imagemagick imagemagick 7.0.4-8

imagemagick imagemagick 7.0.4-9

imagemagick imagemagick 7.0.3-6

imagemagick imagemagick 7.0.3-7

imagemagick imagemagick 7.0.2-3

imagemagick imagemagick 7.0.2-4

imagemagick imagemagick 7.0.0-0

imagemagick imagemagick 7.0.1-0

imagemagick imagemagick 7.0.1-1

imagemagick imagemagick 7.0.1-8

imagemagick imagemagick 7.0.1-9

imagemagick imagemagick 7.0.6-0

imagemagick imagemagick 7.0.5-6

imagemagick imagemagick 7.0.5-7

imagemagick imagemagick 7.0.4-4

imagemagick imagemagick 7.0.4-5

imagemagick imagemagick 7.0.3-2

imagemagick imagemagick 7.0.3-3

imagemagick imagemagick 7.0.3-10

imagemagick imagemagick 7.0.2-0

imagemagick imagemagick 7.0.2-7

imagemagick imagemagick 7.0.2-8

imagemagick imagemagick 7.0.1-4

imagemagick imagemagick 7.0.1-5

imagemagick imagemagick 7.0.5-4

imagemagick imagemagick 7.0.5-5

imagemagick imagemagick 7.0.4-2

imagemagick imagemagick 7.0.5-0

imagemagick imagemagick 7.0.5-1

imagemagick imagemagick 7.0.5-8

imagemagick imagemagick 7.0.5-10

imagemagick imagemagick 7.0.4-6

imagemagick imagemagick 7.0.4-7

imagemagick imagemagick 7.0.3-4

imagemagick imagemagick 7.0.3-5

imagemagick imagemagick 7.0.2-1

imagemagick imagemagick 7.0.2-2

imagemagick imagemagick 7.0.2-9

imagemagick imagemagick 7.0.2-10

imagemagick imagemagick 7.0.1-6

imagemagick imagemagick 7.0.1-7

imagemagick imagemagick 7.0.4-3

imagemagick imagemagick 7.0.4-10

imagemagick imagemagick 7.0.3-0

imagemagick imagemagick 7.0.3-1

imagemagick imagemagick 7.0.3-8

imagemagick imagemagick 7.0.3-9

imagemagick imagemagick 7.0.2-5

imagemagick imagemagick 7.0.2-6

imagemagick imagemagick 7.0.1-2

imagemagick imagemagick 7.0.1-3

imagemagick imagemagick 7.0.1-10

imagemagick imagemagick

debian debian linux 8.0

debian debian linux 9.0

canonical ubuntu linux 16.04

canonical ubuntu linux 17.10

canonical ubuntu linux 18.04

Vendor Advisories

Several security issues were fixed in ImageMagick ...
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed. For the oldstable distribution (jessie), these problems have been fixed in versio ...
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable (CVE-2016-5841). In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-o ...
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable (CVE-2016-5841). ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, ...
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk ...
Debian Bug report logs - #870109 imagemagick: CVE-2017-13139 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Bastien ROUCARIES <roucaries.bastien@gmail.com> Date: Sat, 29 Jul 2017 20:45:07 UTC Severity: important Tags: ...
Debian Bug report logs - #876488 imagemagick: CVE-2017-14682: Heap buffer overflow in GetNextToken() Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 22 Sep 2017 18:24:0 ...
Debian Bug report logs - #878527 imagemagick: CVE-2017-14607 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 14 Oct 2017 11:57:02 UTC Severity: serious Tags: confirmed ...
Debian Bug report logs - #876097 imagemagick: CVE-2017-14224: Heap buffer overflow in WritePCXImage Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 18 Sep 2017 12:33:01 ...
Debian Bug report logs - #881392 imagemagick: CVE-2017-16546 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 11 Nov 2017 09:03:02 UTC Severity: grave Tags: confirmed, ...
Debian Bug report logs - #872373 CVE-2017-12877 Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Wed, 16 Aug 2017 21:12:01 ...
Debian Bug report logs - #868469 imagemagick: CVE-2017-11352 (Incomplete fix for CVE-2017-9144) Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 15 Jul 2017 19:45:01 UTC ...
Debian Bug report logs - #873134 imagemagick: CVE-2017-12983 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 24 Aug 2017 19:27:01 UTC Severity: serious Tags: confirmed ...
Debian Bug report logs - #878562 imagemagick: CVE-2017-14989 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 14 Oct 2017 16:51:05 UTC Severity: serious Tags: confirmed ...
Debian Bug report logs - #869728 imagemagick: CVE-2017-13144 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Bastien ROUCARIES <roucaries.bastien@gmail.com> Date: Tue, 25 Jul 2017 22:09:01 UTC Severity: serious Tags: se ...
Debian Bug report logs - #873099 imagemagick: CVE-2017-13134 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 24 Aug 2017 14:57:02 UTC Severity: serious Tags: confirmed ...
Debian Bug report logs - #878508 imagemagick: CVE-2017-13758 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 14 Oct 2017 09:03:02 UTC Severity: serious Tags: confirmed ...
Debian Bug report logs - #878507 imagemagick: CVE-2017-13769 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 14 Oct 2017 08:57:02 UTC Severity: serious Tags: confirmed ...
Debian Bug report logs - #878578 imagemagick: CVE-2017-15277 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 14 Oct 2017 18:51:02 UTC Severity: serious Tags: confirmed ...