CVE-2017-11102Improper Input Validation in Graphicsmagick

CWE-20Improper Input Validation9 documents6 sources
Severity
7.5HIGHNVD
OSV5.5
EPSS
2.0%
top 16.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GraphicsmagickDebian Graphicsmagick
Timeline
PublishedJul 7
Latest updateMay 14

Description

The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

debiandebian/graphicsmagick< graphicsmagick 1.3.26-2 (bookworm)
Debiangraphicsmagick/graphicsmagick< 1.3.26-2+3
Ubuntugraphicsmagick/graphicsmagick< 1.3.23-1ubuntu0.2

Patches

Patch: hg.code.sf.netPatch: hg.code.sf.netPatch: hg.code.sf.net

🔴Vulnerability Details

3
GHSA
GHSA-r2vp-58v7-7fxf: The ReadOneJNGImage function in coders/png2022-05-14
OSV
graphicsmagick vulnerabilities2019-12-02
OSV
CVE-2017-11102: The ReadOneJNGImage function in coders/png2017-07-07

📋Vendor Advisories

2
Ubuntu
GraphicsMagick vulnerabilities2019-12-02
Debian
CVE-2017-11102: graphicsmagick - The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows rem...2017

💬Community

3
Bugzilla
CVE-2017-11102 GraphicsMagick: Input validation failure in ReadOneJNGImage function may cause denial of service2017-07-21
Bugzilla
CVE-2017-11102 GraphicsMagick: Input validation failure in ReadOneJNGImage function may cause denial of service [fedora-all]2017-07-21
Bugzilla
CVE-2017-11102 GraphicsMagick: Input validation failure in ReadOneJNGImage function may cause denial of service [epel-all]2017-07-21