CVE-2017-12676

Published: Aug 7, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.

Affected (1)

Products: Imagemagick: Imagemagick

Imagemagick

1 product

Imagemagick

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Version 7.0.6-3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-772

Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

References (4)

http://www.securityfocus.com/bid/100225

Source: cve@mitre.org

https://github.com/ImageMagick/ImageMagick/issues/618

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://www.securityfocus.com/bid/100225

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/ImageMagick/ImageMagick/issues/618

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.