CVE-2017-17504

Опубликовано: 11 дек. 2017

Источник: debian

EPSS Низкий

Описание

ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
imagemagick	fixed	8:6.9.9.34+dfsg-3		package

Примечания

https://github.com/ImageMagick/ImageMagick/issues/872
ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/ce3a586a43a7d13442587eb7f28d129557b6a135
ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/59c49559e302e06bfba46cb6feb4e39adbe675b6
ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/fb89192c4ca1600741af79dd22166a7d91e76924

EPSS

Процентиль: 76%

0.00979

Низкий

Связанные уязвимости

CVE-2017-17504

CVSS3: 6.5

ubuntu

около 8 лет назад

ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.

CVE-2017-17504

CVSS3: 3.3

redhat

около 8 лет назад

ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.

CVE-2017-17504

CVSS3: 6.5

nvd

около 8 лет назад

ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.

GHSA-6f9c-wjp7-99h4

CVSS3: 6.5

github

больше 3 лет назад

ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.

SUSE-SU-2018:0350-1

suse-cvrf

около 8 лет назад

Security update for ImageMagick

EPSS

Процентиль: 76%

0.00979

Низкий