CVE-2017-13132Reachable Assertion in Imagemagick

CWE-617Reachable AssertionCWE-665Improper Initialization6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 51.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ImagemagickDebian Imagemagick
Timeline
PublishedAug 23
Latest updateMay 13

Description

In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
GHSA
GHSA-fgjw-5p88-vmrp: In ImageMagick 72022-05-13

📋Vendor Advisories

2
Red Hat
ImageMagick: Assertion failure WriteBlobStream function in MagickCore/blob.c2017-08-23
Debian
CVE-2017-13132: imagemagick - In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on a...2017

💬Community

2
Bugzilla
CVE-2017-13131 CVE-2017-13132 CVE-2017-13133 CVE-2017-13134 ImageMagick: various flaws [fedora-all]2017-08-30
Bugzilla
CVE-2017-13132 ImageMagick: Assertion failure WriteBlobStream function in MagickCore/blob.c2017-08-30