Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-14103

Опубликовано: 01 сент. 2017
Источник: debian

Описание

The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
graphicsmagickfixed1.3.26-8package
graphicsmagicknot-affectedstretchpackage
graphicsmagicknot-affectedjessiepackage

Примечания

  • Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f

  • https://www.openwall.com/lists/oss-security/2017/09/01/6

  • https://blogs.gentoo.org/ago/2017/07/12/graphicsmagick-use-after-free-in-closeblob-blob-c/

Связанные уязвимости

ubuntu логотип

CVE-2017-14103

CVSS3: 8.8
ubuntu
больше 8 лет назад

The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403.

nvd логотип

CVE-2017-14103

CVSS3: 8.8
nvd
больше 8 лет назад

The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403.

github логотип

GHSA-f9pv-j3cq-p428

CVSS3: 8.8
github
больше 3 лет назад

The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403.

fstec логотип

BDU:2019-04091

CVSS3: 8.8
fstec
больше 8 лет назад

Уязвимость функций ReadJNGImage и ReadOneJNGImage (coders/png.c) кроссплатформенной библиотеки для работы с графикой GraphicsMagick, позволяющая нарушителю выполнить произвольный код

suse-cvrf логотип

openSUSE-SU-2018:0218-1

suse-cvrf
около 8 лет назад

Security update for GraphicsMagick