Vulnerability Description
The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Graphicsmagick | Graphicsmagick | 1.3.26 |
Related Weaknesses (CWE)
References
- http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4eIssue TrackingPatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://www.debian.org/security/2018/dsa-4321
- http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4eIssue TrackingPatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://www.debian.org/security/2018/dsa-4321
FAQ
What is CVE-2017-11722?
CVE-2017-11722 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the p...
How severe is CVE-2017-11722?
CVE-2017-11722 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-11722?
Check the references section above for vendor advisories and patch information. Affected products include: Graphicsmagick Graphicsmagick.