CVE-2017-12937

Опубликовано: 18 авг. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.

Ссылки

http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978
Issue Tracking
Patch
Third Party Advisory
http://www.securityfocus.com/bid/100442
Third Party Advisory
VDB Entry
https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-heap-based-buffer-overflow-in-readsunimage-sun-c/
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/
https://usn.ubuntu.com/4222-1/
https://www.debian.org/security/2018/dsa-4321
Third Party Advisory
http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978
Issue Tracking
Patch
Third Party Advisory
http://www.securityfocus.com/bid/100442
Third Party Advisory
VDB Entry
https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-heap-based-buffer-overflow-in-readsunimage-sun-c/
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/
https://usn.ubuntu.com/4222-1/
https://www.debian.org/security/2018/dsa-4321
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.26:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.0095

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2017-12937

CVSS3: 8.8

ubuntu

больше 8 лет назад

The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.

CVE-2017-12937

CVSS3: 8.8

debian

больше 8 лет назад

The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...

GHSA-rm5j-v5rh-42x3

CVSS3: 8.8

github

больше 3 лет назад

The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.

BDU:2019-04059

CVSS3: 8.8

fstec

больше 8 лет назад

Уязвимость функции ReadSUNImage (coders/sun.c) кроссплатформенной библиотеки для работы с графикой GraphicsMagick, позволяющая нарушителю выполнить произвольный код

openSUSE-SU-2017:2894-1

suse-cvrf

больше 8 лет назад

Security update for GraphicsMagick

EPSS

Процентиль: 76%

0.0095

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-125