CVE-2017-9499

Published: Jun 7, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file.

Affected (1)

Products: Imagemagick: Imagemagick

Imagemagick

1 product

Imagemagick

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Version 7.0.5-7

Related CWEs

CWE-617

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (6)

http://www.securityfocus.com/bid/98944

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://github.com/ImageMagick/ImageMagick/commit/7fd419441bc7103398e313558171d342c6315f44

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://github.com/ImageMagick/ImageMagick/issues/492

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://www.securityfocus.com/bid/98944

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://github.com/ImageMagick/ImageMagick/commit/7fd419441bc7103398e313558171d342c6315f44

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://github.com/ImageMagick/ImageMagick/issues/492

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.