CVE-2017-18229
Published: 14 March 2018
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations.
From the Ubuntu Security Team
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Priority
Status
Package | Release | Status |
---|---|---|
graphicsmagick Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Not vulnerable
(1.3.28-1)
|
|
cosmic |
Not vulnerable
(1.3.28-1)
|
|
disco |
Not vulnerable
(1.3.28-1)
|
|
eoan |
Not vulnerable
(1.3.28-1)
|
|
focal |
Not vulnerable
(1.3.28-1)
|
|
groovy |
Not vulnerable
(1.3.28-1)
|
|
hirsute |
Not vulnerable
(1.3.28-1)
|
|
impish |
Not vulnerable
(1.3.28-1)
|
|
jammy |
Not vulnerable
(1.3.28-1)
|
|
trusty |
Released
(1.3.18-1ubuntu3.1+esm6)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(1.3.27-1)
|
|
xenial |
Released
(1.3.23-1ubuntu0.6)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |