Out-of-Bounds in imagemagick

Do your applications use this vulnerable package? Test your applications

Overview

The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.

References

Debian Security Advisory
Debian Security Advisory
Debian Security Tracker
GitHub Commit
GitHub Commit
GitHub Issue
Ubuntu CVE Tracker
Ubuntu Security Advisory

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2017-16546
CWE: CWE-119
Snyk ID: SNYK-DEBIAN9-IMAGEMAGICK-400528
Disclosed: 05 Nov, 2017
Published: 05 Nov, 2017

Out-of-Bounds
Affecting imagemagick package, versions <8:6.9.7.4+dfsg-11+deb9u4

Overview

References

CVSS Score

Out-of-Bounds Affecting imagemagick package, versions <8:6.9.7.4+dfsg-11+deb9u4

Overview

References

Out-of-Bounds
Affecting imagemagick package, versions <8:6.9.7.4+dfsg-11+deb9u4