CVE-2017-16669

Published: 09 November 2017

coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.

From the Ubuntu security team

It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Priority

CVSS 3 base score: 8.8

Status

Package	Release	Status
graphicsmagick Launchpad, Ubuntu, Debian	Upstream	Needs triage

	Ubuntu 20.10 (Groovy Gorilla)	Not vulnerable (1.3.26-19)
	Ubuntu 20.04 LTS (Focal Fossa)	Not vulnerable (1.3.26-19)
	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (1.3.26-19)
	Ubuntu 16.04 LTS (Xenial Xerus)	Released (1.3.23-1ubuntu0.5)
	Ubuntu 14.04 ESM (Trusty Tahr)	Needed
	Patches: Upstream: http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d Upstream: http://hg.code.sf.net/p/graphicsmagick/code/rev/1b9e64a8901e Upstream: http://hg.code.sf.net/p/graphicsmagick/code/rev/2a21cda3145b Upstream: http://hg.code.sf.net/p/graphicsmagick/code/rev/2b7c826d36af Upstream: http://hg.code.sf.net/p/graphicsmagick/code/rev/3dc7b4e3779d Upstream: http://hg.code.sf.net/p/graphicsmagick/code/rev/75245a215fff Upstream: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0 Upstream: http://hg.code.sf.net/p/graphicsmagick/code/rev/fcd3ed3394f6

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM