CVE-2017-13142Improper Check for Unusual or Exceptional Conditions in Imagemagick

CWE-754Improper Check for Unusual or Exceptional ConditionsCWE-20Improper Input Validation8 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 43.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ImagemagickDebian Imagemagick
Timeline
PublishedAug 23
Latest updateMay 14

Description

In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/imagemagick< imagemagick 8:6.9.7.4+dfsg-15 (bookworm)
Debianimagemagick/imagemagick< 8:6.9.7.4+dfsg-15+3
NVDimagemagick/imagemagick6.9.9-0+56

Patches

Patch: bugs.debian.orgPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-m5qm-c3vm-j6hm: In ImageMagick before 62022-05-14
OSV
CVE-2017-13142: In ImageMagick before 62017-08-23

📋Vendor Advisories

3
Ubuntu
ImageMagick vulnerabilities2018-06-12
Red Hat
ImageMagick: Improper validation of short files in coders/png.c2017-08-23
Debian
CVE-2017-13142: imagemagick - In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could t...2017

💬Community

2
Bugzilla
CVE-2017-13142 ImageMagick: Improper validation of short files in coders/png.c2017-08-30
Bugzilla
CVE-2017-13139 CVE-2017-13140 CVE-2017-13141 CVE-2017-13142 CVE-2017-13143 CVE-2017-13144 CVE-2017-13145 CVE-2017-13146 ImageMagick: various flaws [fedora-all]2017-08-30