Published: 18/09/2017 Updated: 04/03/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote malicious users to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
imagemagick imagemagick 7.0.6
debian debian linux 9.0

Debian Bug report logs - #878544 imagemagick: CVE-2017-14528 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 14 Oct 2017 13:09:02 UTC Severity: important Tags: securit ...

Debian Bug report logs - #894848 imagemagick: CVE-2018-9133: Excessive iteration in DecodeLabImage and EncodeLabImage Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 4 ...

Debian Bug report logs - #898217 imagemagick: CVE-2018-10804 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 8 May 2018 20:21:02 UTC Severity: normal Tags: fixed-upst ...

Debian Bug report logs - #898218 imagemagick: CVE-2018-10805 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 8 May 2018 20:27:02 UTC Severity: normal Tags: fixed-upst ...

The TIFFSetProfiles function in coders/tiffc in ImageMagick 706 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file ...

CWE-416 http://bugzilla.maptools.org/show_bug.cgi?id=2730 https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32560 http://www.securityfocus.com/bid/100875 https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878544

CVE-2017-14528

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect