CVE-2017-11448

Published: Jul 19, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.

Affected (2)

Products: Imagemagick: Imagemagick

Imagemagick

1 product

Imagemagick

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Before 6.9.9-0
Imagemagick Imagemagick	From 7.0.0-0 to 7.0.6-1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867893

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://github.com/ImageMagick/ImageMagick/commit/f6463ca9588579633bbaed9460899d892aa3c64a

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/ImageMagick/ImageMagick/issues/556

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867893

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://github.com/ImageMagick/ImageMagick/commit/f6463ca9588579633bbaed9460899d892aa3c64a

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/ImageMagick/ImageMagick/issues/556

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.