CVE-2017-12670

Published: Aug 7, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service.

Affected (1)

Products: Imagemagick: Imagemagick

Imagemagick

1 product

Imagemagick

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Version 7.0.6-3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-617

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (10)

http://www.securityfocus.com/bid/100252

Source: cve@mitre.org

https://github.com/ImageMagick/ImageMagick/issues/610

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html

Source: cve@mitre.org

https://usn.ubuntu.com/3681-1/

Source: cve@mitre.org

http://www.securityfocus.com/bid/100252