Published: 22/05/2017 Updated: 15/10/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
imagemagick imagemagick 7.0.5-7
debian debian linux 8.0
debian debian linux 9.0

Debian Bug report logs - #863124 imagemagick: CVE-2017-9141: A crafted file revealed an assertion failure in profilec Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: ...

Several security issues were fixed in ImageMagick ...

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV, PICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are p ...

In ImageMagick 705-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profilec because of missing checks in the ReadDDSImage function in coders/ddsc ...

CWE-20 CWE-617 https://github.com/ImageMagick/ImageMagick/issues/489 http://www.securityfocus.com/bid/98606 http://www.debian.org/security/2017/dsa-3863 https://github.com/ImageMagick/ImageMagick/commit/0c5b1e430a83ef793a7334bbbee408cf3c628699 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863124 https://usn.ubuntu.com/3302-1/https://nvd.nist.gov

CVE-2017-9141

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect