Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2017-9262

Published: 29 May 2017

In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.

Notes

AuthorNote
mdeslaur
This is 0048-CVE-2017-9262-Memory-leak-in-the-ReadJNGImage-functi.patch

Priority

Low

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package Release Status
imagemagick
Launchpad, Ubuntu, Debian
precise Does not exist

trusty
Released (8:6.7.7.10-6ubuntu3.8)
upstream
Released (8:6.9.7.4+dfsg-10)
xenial
Released (8:6.8.9.9-7ubuntu5.8)
yakkety Ignored
(reached end-of-life)
zesty
Released (8:6.9.7.4+dfsg-3ubuntu1.2)
Patches:
upstream: https://github.com/ImageMagick/ImageMagick/commit/4649578df8dcbfb2b08d8623d52486dc124da3a8

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H