CVE-2017-17504

Published: 10 December 2017

ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
imagemagick
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (8:6.9.7.4+dfsg-16ubuntu6.2)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (8:6.8.9.9-7ubuntu5.11)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [8:6.7.7.10-6ubuntu3.11])
Patches:
Upstream: https://github.com/ImageMagick/ImageMagick/commit/ce3a586a43a7d13442587eb7f28d129557b6a135