Vulnerability Description
A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Graphicsmagick | Graphicsmagick | 1.3.26 |
Related Weaknesses (CWE)
References
- http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643dIssue TrackingPatchThird Party Advisory
- http://www.securityfocus.com/bid/100556Third Party AdvisoryVDB Entry
- https://blogs.gentoo.org/ago/2017/08/28/graphicsmagick-memory-allocation-failureExploitPatchThird Party Advisory
- https://usn.ubuntu.com/4206-1/
- http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643dIssue TrackingPatchThird Party Advisory
- http://www.securityfocus.com/bid/100556Third Party AdvisoryVDB Entry
- https://blogs.gentoo.org/ago/2017/08/28/graphicsmagick-memory-allocation-failureExploitPatchThird Party Advisory
- https://usn.ubuntu.com/4206-1/
FAQ
What is CVE-2017-14042?
CVE-2017-14042 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of s...
How severe is CVE-2017-14042?
CVE-2017-14042 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-14042?
Check the references section above for vendor advisories and patch information. Affected products include: Graphicsmagick Graphicsmagick.