← Back

CVE-2017-11528

nvd nist
Published: Jul 23, 2017Modified: May 13, 2026

JSON object

Loading...
6.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.

Affected (55)

Imagemagick
1 product
Imagemagick
Configuration A
55 vulnerable
Vulnerable SoftwareAffected Versions
Imagemagick
Imagemagick
Up to 6.9.8-10
Imagemagick
Version 7.0.1-0
Imagemagick
Version 7.0.1-10
Imagemagick
Version 7.0.1-1
Imagemagick
Version 7.0.1-2
Imagemagick
Version 7.0.1-3
Imagemagick
Version 7.0.1-4
Imagemagick
Version 7.0.1-5
Imagemagick
Version 7.0.1-6
Imagemagick
Version 7.0.1-7
Imagemagick
Version 7.0.1-8
Imagemagick
Version 7.0.1-9
Imagemagick
Version 7.0.2-0
Imagemagick
Version 7.0.2-10
Imagemagick
Version 7.0.2-1
Imagemagick
Version 7.0.2-2
Imagemagick
Version 7.0.2-3
Imagemagick
Version 7.0.2-4
Imagemagick
Version 7.0.2-5
Imagemagick
Version 7.0.2-6
Imagemagick
Version 7.0.2-7
Imagemagick
Version 7.0.2-8
Imagemagick
Version 7.0.2-9
Imagemagick
Version 7.0.3-0
Imagemagick
Version 7.0.3-10
Imagemagick
Version 7.0.3-1
Imagemagick
Version 7.0.3-2
Imagemagick
Version 7.0.3-3
Imagemagick
Version 7.0.3-4
Imagemagick
Version 7.0.3-5
Imagemagick
Version 7.0.3-6
Imagemagick
Version 7.0.3-7
Imagemagick
Version 7.0.3-8
Imagemagick
Version 7.0.3-9
Imagemagick
Version 7.0.4-0
Imagemagick
Version 7.0.4-10
Imagemagick
Version 7.0.4-1
Imagemagick
Version 7.0.4-2
Imagemagick
Version 7.0.4-3
Imagemagick
Version 7.0.4-4
Imagemagick
Version 7.0.4-5
Imagemagick
Version 7.0.4-6
Imagemagick
Version 7.0.4-7
Imagemagick
Version 7.0.4-8
Imagemagick
Version 7.0.4-9
Imagemagick
Version 7.0.5-0
Imagemagick
Version 7.0.5-10
Imagemagick
Version 7.0.5-1
Imagemagick
Version 7.0.5-4
Imagemagick
Version 7.0.5-5
Imagemagick
Version 7.0.5-6
Imagemagick
Version 7.0.5-7
Imagemagick
Version 7.0.5-8
Imagemagick
Version 7.0.5-9
Imagemagick
Version 7.0.6-0

Related CWEs

CWE-772
Missing Release of Resource after Effective Lifetime
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

References (4)

Source: cve@mitre.org
Issue TrackingMailing ListThird Party Advisory
Source: cve@mitre.org
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.