Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-16353

Опубликовано: 01 нояб. 2017
Источник: redhat
CVSS3: 3.3
EPSS Средний

Описание

GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5ImageMagickWill not fix
Red Hat Enterprise Linux 6ImageMagickWill not fix
Red Hat Enterprise Linux 7ImageMagickWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1512047GraphicsMagick: memory information disclosure in DescribeImage function in magick/describe.c

EPSS

Процентиль: 97%
0.32261
Средний

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-16353

CVSS3: 6.5
ubuntu
больше 8 лет назад

GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.

nvd логотип

CVE-2017-16353

CVSS3: 6.5
nvd
больше 8 лет назад

GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.

debian логотип

CVE-2017-16353

CVSS3: 6.5
debian
больше 8 лет назад

GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure ...

github логотип

GHSA-whcq-5grp-h63j

CVSS3: 6.5
github
больше 3 лет назад

GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.

fstec логотип

BDU:2019-04109

CVSS3: 6.5
fstec
больше 8 лет назад

Уязвимость функции DescribeImage (magick/describe.c) кроссплатформенной библиотеки для работы с графикой GraphicsMagick, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 97%
0.32261
Средний

3.3 Low

CVSS3