CVE-2017-11403 — Use After Free in Graphicsmagick
Severity
8.8HIGHNVD
OSV5.5
EPSS
1.0%
top 23.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 18
Latest updateMay 17
Description
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages4 packages
Patches
🔴Vulnerability Details
7📋Vendor Advisories
5Red Hat▶
GraphicsMagick: Use after free in ReadOneJNGImage and ReadJNGImage functions in coders/png.c allow an attacker to cause a denial of service via crafted file↗2018-03-06
Debian▶
CVE-2017-14103: graphicsmagick - The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick...↗2017
Debian▶
CVE-2017-18220: graphicsmagick - The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick...↗2017
Debian▶
CVE-2017-11403: graphicsmagick - The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of...↗2017
💬Community
4Bugzilla▶
CVE-2017-14103 GraphicsMagick: Use-after-free in ReadJNGImage and ReadOneJNGImage functions in coders/png.c↗2017-09-05