Your submission was sent successfully! Close

CVE-2017-8350

Published: 30 April 2017

In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.

Priority

Negligible

CVSS 3 base score: 6.5

Status

Package Release Status
imagemagick
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (8:6.8.9.9-7ubuntu5.7)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [8:6.7.7.10-6ubuntu3.7])

Notes

AuthorNote
mdeslaur
This is 0201-1-3-CVE-2017-8350-Fixed-more-memory-leaks.patch and
0202-3-3-CVE-2017-8350-Fixed-various-leaks-in-ReadOneJNGI.patch

References