CVE-2017-18219

Published: Mar 5, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation.

Affected (4)

Products: Graphicsmagick: Graphicsmagick · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Graphicsmagick Graphicsmagick	Version 1.3.26

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Related CWEs

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (18)

http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/cadd4b0522fa

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/103258

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/

Source: cve@mitre.org

https://sourceforge.net/p/graphicsmagick/bugs/459/

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://usn.ubuntu.com/4266-1/

Source: cve@mitre.org

https://www.debian.org/security/2018/dsa-4321

Source: cve@mitre.org

Third Party Advisory

http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/cadd4b0522fa

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/103258

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://sourceforge.net/p/graphicsmagick/bugs/459/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://usn.ubuntu.com/4266-1/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2018/dsa-4321

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.