Missing Release of Resource after Effective Lifetime in imagemagick

Do your applications use this vulnerable package? Test your applications

Overview

In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.

References

Debian Security Advisory
Debian Security Tracker
GitHub Issue
Security Focus

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2017-12428
CWE: CWE-772
Snyk ID: SNYK-DEBIAN8-IMAGEMAGICK-402905
Disclosed: 04 Aug, 2017
Published: 04 Aug, 2017

Missing Release of Resource after Effective Lifetime
Affecting imagemagick package, versions *

Overview

References

CVSS Score

Missing Release of Resource after Effective Lifetime Affecting imagemagick package, versions *

Overview

References

Missing Release of Resource after Effective Lifetime
Affecting imagemagick package, versions *