CVE-2017-11641Missing Release of Resource after Effective Lifetime in Graphicsmagick

CWE-772Missing Release of Resource after Effective Lifetime8 documents6 sources
Severity
9.8CRITICALNVD
EPSS
0.5%
top 36.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GraphicsmagickDebian Graphicsmagick
Timeline
PublishedJul 26
Latest updateMay 13

Description

GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

debiandebian/graphicsmagick< graphicsmagick 1.3.26-4 (bookworm)
Debiangraphicsmagick/graphicsmagick< 1.3.26-4+3

🔴Vulnerability Details

2
GHSA
GHSA-h2gm-q33r-p9cc: GraphicsMagick 12022-05-13
OSV
CVE-2017-11641: GraphicsMagick 12017-07-26

📋Vendor Advisories

2
Ubuntu
GraphicsMagick vulnerabilities2019-12-16
Debian
CVE-2017-11641: graphicsmagick - GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/p...2017

💬Community

3
Bugzilla
CVE-2017-11641 GraphicsMagick: Memory Leak in the PersistCache in magick/pixel_cache.c2017-07-26
Bugzilla
CVE-2017-11641 GraphicsMagick: Memory Leak in the PersistCache in magick/pixel_cache.c [fedora-all]2017-07-26
Bugzilla
CVE-2017-11641 GraphicsMagick: Memory Leak in the PersistCache in magick/pixel_cache.c [epel-all]2017-07-26