Your submission was sent successfully! Close

CVE-2017-6502

Published: 6 March 2017

An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS).

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
imagemagick Launchpad, Ubuntu, Debian	precise	Not vulnerable (code not compiled)
	trusty	Does not exist (trusty was not-affected [code not compiled])
	upstream	Needed
	xenial	Not vulnerable (code not compiled)
	yakkety	Not vulnerable (code not compiled)

Notes

Author	Note
mdeslaur	webp support isn't compiled in Debian/Ubuntu

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856883

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading