CVE-2017-17501

Опубликовано: 11 дек. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.

Ссылки

http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4
Patch
Third Party Advisory
http://www.securityfocus.com/bid/102185
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/
https://sourceforge.net/p/graphicsmagick/bugs/526/
Issue Tracking
Third Party Advisory
https://usn.ubuntu.com/4248-1/
https://www.debian.org/security/2018/dsa-4321
Third Party Advisory
http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4
Patch
Third Party Advisory
http://www.securityfocus.com/bid/102185
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/
https://sourceforge.net/p/graphicsmagick/bugs/526/
Issue Tracking
Third Party Advisory
https://usn.ubuntu.com/4248-1/
https://www.debian.org/security/2018/dsa-4321
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.26:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02188

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2017-17501

CVSS3: 8.8

ubuntu

около 8 лет назад

WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.

CVE-2017-17501

CVSS3: 8.8

debian

около 8 лет назад

WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-b ...

GHSA-m5ph-57mx-hhc9

CVSS3: 8.8

github

больше 3 лет назад

WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.

SUSE-SU-2018:0413-1

suse-cvrf

почти 8 лет назад

Security update for GraphicsMagick

EPSS

Процентиль: 84%

0.02188

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-125