CVE-2017-11139 — Double Free in Graphicsmagick

CWE-415 — Double Free9 documents6 sources

Severity

9.8CRITICALNVD

EPSS

0.5%

top 35.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphicsmagick Debian Graphicsmagick Debian Linux

Timeline

PublishedJul 10

Latest updateMay 14

Description

GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/graphicsmagick< graphicsmagick 1.3.26-2 (bookworm)

▶Debiangraphicsmagick/graphicsmagick< 1.3.26-2+3

▶NVDgraphicsmagick/graphicsmagick1.3.26

Also affects: Debian Linux 9.0

Patches

Patch: hg.code.sf.net ↗Patch: hg.code.sf.net ↗

🔴Vulnerability Details

GHSA

GHSA-7cwc-rhfj-qp22: GraphicsMagick 1↗2022-05-14

▶

OSV

CVE-2017-11139: GraphicsMagick 1↗2017-07-10

▶

📋Vendor Advisories

Debian

CVE-2017-11139: graphicsmagick - GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() f...↗2017

▶

💬Community

Bugzilla

CVE-2017-11139 GraphicsMagick: double free vulnerabilities in the [fedora-all]↗2017-07-21

▶

Bugzilla

CVE-2017-11139 GraphicsMagick: double free vulnerabilities in the [epel-all]↗2017-07-21

▶

Bugzilla

CVE-2017-11139 GraphicsMagick: double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c [fedora-all]↗2017-07-21

▶

Bugzilla

CVE-2017-11139 GraphicsMagick: double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c↗2017-07-21

▶