8.8

CVE-2017-16352

Exploit
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GraphicsmagickGraphicsmagick Version1.3.26
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.51% 0.962
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2018/dsa-4321
Third Party Advisory
https://usn.ubuntu.com/4232-1/
ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/snapshots/ChangeLog.txt
Vendor Advisory
Release Notes
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=7292230dd185
http://www.securityfocus.com/bid/101658
Third Party Advisory
VDB Entry
https://blogs.securiteam.com/index.php/archives/3494
Third Party Advisory
Exploit
https://lists.debian.org/debian-lts-announce/2017/11/msg00002.html
Third Party Advisory
Mailing List
https://www.exploit-db.com/exploits/43111/
Third Party Advisory
Exploit
VDB Entry