Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-18272

Опубликовано: 25 дек. 2017
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.

Отчет

This issue did not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6, and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5ImageMagickNot affected
Red Hat Enterprise Linux 6ImageMagickNot affected
Red Hat Enterprise Linux 7ImageMagickNot affected
Red Hat Enterprise Linux 8ImageMagickWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1581485ImageMagick: use-after-free in ReadOneMNGImage function in coders/png.c

EPSS

Процентиль: 61%
0.00406
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-18272

CVSS3: 6.5
ubuntu
больше 7 лет назад

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.

nvd логотип

CVE-2017-18272

CVSS3: 6.5
nvd
больше 7 лет назад

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.

debian логотип

CVE-2017-18272

CVSS3: 6.5
debian
больше 7 лет назад

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-fr ...

github логотип

GHSA-mcm9-58rh-8jmj

CVSS3: 6.5
github
больше 3 лет назад

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.

EPSS

Процентиль: 61%
0.00406
Низкий

3.3 Low

CVSS3