8.8
CVE-2017-16669
- EPSS 3.4%
- Veröffentlicht 09.11.2017 00:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Graphicsmagick ≫ Graphicsmagick Version1.3.26
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.4% | 0.873 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
https://www.debian.org/security/2018/dsa-4321
http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0
https://usn.ubuntu.com/4248-1/
http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d
http://hg.code.sf.net/p/graphicsmagick/code/rev/1b9e64a8901e
http://hg.code.sf.net/p/graphicsmagick/code/rev/2a21cda3145b
http://hg.code.sf.net/p/graphicsmagick/code/rev/2b7c826d36af
http://hg.code.sf.net/p/graphicsmagick/code/rev/3dc7b4e3779d
http://hg.code.sf.net/p/graphicsmagick/code/rev/75245a215fff
http://hg.code.sf.net/p/graphicsmagick/code/rev/fcd3ed3394f6
http://www.securityfocus.com/bid/101795
https://lists.debian.org/debian-lts-announce/2017/11/msg00013.html
https://sourceforge.net/p/graphicsmagick/bugs/450/