CVE-2017-14138

Published: 04 September 2017

ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.

Priority

Negligible

CVSS 3 base score: 9.8

Status

Package Release Status
imagemagick
Launchpad, Ubuntu, Debian
Upstream
Released (8:6.9.9.34+dfsg-3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not built)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not built)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not built])
Patches:
Upstream: https://github.com/ImageMagick/ImageMagick/commit/def00c720dffb57a821bd8acd77eac7b10a0568b
Upstream: https://github.com/ImageMagick/ImageMagick/commit/1c487cd945996a77ba611b83dc6a2ceedb89be3d