CVE-2017-7606

Published: 09 April 2017

coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
imagemagick
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 16.04 LTS (Xenial Xerus)
Released (8:6.8.9.9-7ubuntu5.7)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [8:6.7.7.10-6ubuntu3.7])
Patches:
Upstream: https://github.com/ImageMagick/ImageMagick/commit/b218117cad34d39b9ffb587b45c71c5a49b12bde