CVE-2017-13134

Published: 22 August 2017

In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.

From the Ubuntu security team

It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package: graphicsmagick (Launchpad, Ubuntu, Debian)

Release     Status
bionic      Not vulnerable (1.3.26-19)
disco       Not vulnerable (1.3.26-19)
eoan        Not vulnerable (1.3.26-19)
focal       Not vulnerable (1.3.26-19)
groovy      Not vulnerable (1.3.26-19)
hirsute     Not vulnerable (1.3.26-19)
impish      Not vulnerable (1.3.26-19)
jammy       Not vulnerable (1.3.26-19)
precise     Does not exist
trusty      Needed
upstream    Released (1.3.26-19)
xenial      Released (1.3.23-1ubuntu0.3)

Package: imagemagick (Launchpad, Ubuntu, Debian)

Release     Status
artful      Released (8:6.9.7.4+dfsg-16ubuntu2.2)
bionic      Released (8:6.9.7.4+dfsg-16ubuntu6.2)
disco       Not vulnerable (8:6.9.7.4+dfsg-16ubuntu8)
eoan        Not vulnerable (8:6.9.7.4+dfsg-16ubuntu8)
focal       Not vulnerable (8:6.9.7.4+dfsg-16ubuntu8)
groovy      Not vulnerable (8:6.9.7.4+dfsg-16ubuntu8)
hirsute     Not vulnerable (8:6.9.7.4+dfsg-16ubuntu8)
impish      Not vulnerable (8:6.9.7.4+dfsg-16ubuntu8)
jammy       Not vulnerable (8:6.9.7.4+dfsg-16ubuntu8)
precise     Does not exist
trusty      Does not exist
upstream    Released (8:6.9.9.34+dfsg-3)
xenial      Released (8:6.8.9.9-7ubuntu5.11)
zesty       Ignored (reached end-of-life)