CVE-2017-10928 — Out-of-bounds Read in Imagemagick

CWE-125 — Out-of-bounds Read CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow14 documents7 sources

Severity

8.8HIGHNVD

EPSS

1.2%

top 21.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedJul 5

Latest updateMay 14

Description

In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.9.34+dfsg-3 (bookworm)+1

▶Debianimagemagick/imagemagick< 8:6.9.9.34+dfsg-3+7

▶NVDimagemagick/imagemagick7.0.6, 7.0.6-0+1

🔴Vulnerability Details

GHSA

GHSA-hhj3-mp35-272p: GetNextToken in MagickCore/token↗2022-05-14

▶

GHSA

GHSA-9r4v-3qx7-f3mq: In ImageMagick 7↗2022-05-13

▶

OSV

CVE-2017-14682: GetNextToken in MagickCore/token↗2017-09-21

▶

OSV

CVE-2017-10928: In ImageMagick 7↗2017-07-05

▶

📋Vendor Advisories

Red Hat

ImageMagick: Heap buffer overflow in the GetNextToken function↗2017-09-18

▶

Ubuntu

ImageMagick vulnerabilities↗2017-07-24

▶

Red Hat

ImageMagick: heap-based buffer over-read in the GetNextToken function↗2017-07-21

▶

Debian

CVE-2017-14682: imagemagick - GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers ...↗2017

▶

Debian

CVE-2017-10928: imagemagick - In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken functi...↗2017

▶

💬Community

Bugzilla

CVE-2017-14682 ImageMagick: Heap buffer overflow in the GetNextToken function↗2017-10-09

▶

Bugzilla

CVE-2017-10928 ImageMagick: heap-based buffer over-read in the GetNextToken function [fedora-all]↗2017-07-21

▶

Bugzilla

CVE-2017-10928 ImageMagick: heap-based buffer over-read in the GetNextToken function↗2017-07-21

▶