[Forgot Password]
Login  Register Subscribe

23631

 
 

127000

 
 

102010

 
 

909

 
 

81309

 
 

123

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2017-16669Date: (C)2017-11-10   (M)2018-02-19


coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score  : 8.8CVSS Score  : 6.8
Exploit Score: 2.8Exploit Score: 8.6
Impact Score : 5.9Impact Score : 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  





Reference:
BID-101795
https://lists.debian.org/debian-lts-announce/2017/11/msg00013.html
http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d
http://hg.code.sf.net/p/graphicsmagick/code/rev/1b9e64a8901e
http://hg.code.sf.net/p/graphicsmagick/code/rev/2a21cda3145b
http://hg.code.sf.net/p/graphicsmagick/code/rev/2b7c826d36af
http://hg.code.sf.net/p/graphicsmagick/code/rev/3dc7b4e3779d
http://hg.code.sf.net/p/graphicsmagick/code/rev/75245a215fff
http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0
http://hg.code.sf.net/p/graphicsmagick/code/rev/fcd3ed3394f6
https://sourceforge.net/p/graphicsmagick/bugs/450/

CPE    1
cpe:/a:graphicsmagick:graphicsmagick:1.3.26
CWE    1
CWE-119
OVAL    2
oval:org.secpod.oval:def:113969
oval:org.secpod.oval:def:113967

© 2013 SecPod Technologies