CVE-2017-11450Improper Input Validation in Imagemagick

CWE-20Improper Input Validation8 documents7 sources
Severity
8.8HIGHNVD
EPSS
0.4%
top 39.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ImagemagickDebian ImagemagickDebian Linux
Timeline
PublishedJul 19
Latest updateMay 13

Description

coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/imagemagick< imagemagick 8:6.9.7.4+dfsg-12 (bookworm)
NVDimagemagick/imagemagick7.0.0-07.0.6-1+1
Debianimagemagick/imagemagick< 8:6.9.7.4+dfsg-12+3

Also affects: Debian Linux 10.0, 9.0

Patches

Patch: bugs.debian.orgPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-rwq6-6rqm-8pf2: coders/jpeg2022-05-13
OSV
CVE-2017-11450: coders/jpeg2017-07-19

📋Vendor Advisories

3
Ubuntu
ImageMagick vulnerabilities2017-07-24
Red Hat
ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c2017-07-21
Debian
CVE-2017-11450: imagemagick - coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a d...2017

💬Community

2
Bugzilla
CVE-2017-11450 ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c2017-07-21
Bugzilla
CVE-2017-11450 ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c [fedora-all]2017-07-21