CVE-2017-8345

Published: 30 April 2017

In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.

Priority

Negligible

CVSS 3 base score: 6.5

Status

Package Release Status
imagemagick
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 LTS (Xenial Xerus)
Released (8:6.8.9.9-7ubuntu5.7)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [8:6.7.7.10-6ubuntu3.7])
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist
(precise was needs-triage)

Notes

AuthorNote
mdeslaur This is 0195-1-2-Prepare-fix-for-CVE-2017-8345.patch and 0196-2-2-Refactored-ReadMNGImage-to-fix-memory-leak-repor.patch

References