← Back

CVE-2017-5507

nvd nist
Published: Mar 24, 2017Modified: May 13, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.

Affected (40)

Imagemagick
1 product
Imagemagick
Debian
1 product
Debian Linux
Configuration A
37 vulnerable
Vulnerable SoftwareAffected Versions
Imagemagick
Imagemagick
Version 7.0.1-0
Imagemagick
Version 7.0.1-10
Imagemagick
Version 7.0.1-1
Imagemagick
Version 7.0.1-2
Imagemagick
Version 7.0.1-3
Imagemagick
Version 7.0.1-4
Imagemagick
Version 7.0.1-5
Imagemagick
Version 7.0.1-6
Imagemagick
Version 7.0.1-7
Imagemagick
Version 7.0.1-8
Imagemagick
Version 7.0.1-9
Imagemagick
Version 7.0.2-0
Imagemagick
Version 7.0.2-10
Imagemagick
Version 7.0.2-1
Imagemagick
Version 7.0.2-2
Imagemagick
Version 7.0.2-3
Imagemagick
Version 7.0.2-4
Imagemagick
Version 7.0.2-5
Imagemagick
Version 7.0.2-6
Imagemagick
Version 7.0.2-7
Imagemagick
Version 7.0.2-8
Imagemagick
Version 7.0.2-9
Imagemagick
Version 7.0.3-0
Imagemagick
Version 7.0.3-10
Imagemagick
Version 7.0.3-1
Imagemagick
Version 7.0.3-2
Imagemagick
Version 7.0.3-3
Imagemagick
Version 7.0.3-4
Imagemagick
Version 7.0.3-5
Imagemagick
Version 7.0.3-6
Imagemagick
Version 7.0.3-7
Imagemagick
Version 7.0.3-8
Imagemagick
Version 7.0.3-9
Imagemagick
Version 7.0.4-0
Imagemagick
Version 7.0.4-1
Imagemagick
Version 7.0.4-2
Imagemagick
Version 7.0.4-3
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Imagemagick
Up to 6.9.7-3
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 8.0
Debian Linux
Version 9.0

Related CWEs

CWE-772
Missing Release of Resource after Effective Lifetime
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

References (18)

Source: security@debian.org
Third Party Advisory
Source: security@debian.org
Mailing ListPatchThird Party Advisory
Source: security@debian.org
Mailing ListPatchThird Party Advisory
Source: security@debian.org
Third Party AdvisoryVDB Entry
Source: security@debian.org
Issue TrackingPatchThird Party Advisory
Source: security@debian.org
Release NotesThird Party Advisory
Source: security@debian.org
Release NotesThird Party Advisory
Source: security@debian.org
PatchVendor Advisory
Source: security@debian.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.