Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-18272

Опубликовано: 18 мая 2018
Источник: debian
EPSS Низкий

Описание

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
imagemagickfixed8:6.9.9.34+dfsg-3package
imagemagicknot-affectedstretchpackage
imagemagicknot-affectedjessiepackage
imagemagicknot-affectedwheezypackage

Примечания

  • https://github.com/ImageMagick/ImageMagick/issues/918

  • https://github.com/ImageMagick/ImageMagick/commit/93d029b70ac766ce0b5d7261a2dd334535f48038

EPSS

Процентиль: 61%
0.00406
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2017-18272

CVSS3: 6.5
ubuntu
больше 7 лет назад

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.

redhat логотип

CVE-2017-18272

CVSS3: 3.3
redhat
около 8 лет назад

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.

nvd логотип

CVE-2017-18272

CVSS3: 6.5
nvd
больше 7 лет назад

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.

github логотип

GHSA-mcm9-58rh-8jmj

CVSS3: 6.5
github
больше 3 лет назад

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.

EPSS

Процентиль: 61%
0.00406
Низкий