CVE-2017-13147 — Improper Input Validation in Graphicsmagick

CWE-20 — Improper Input Validation CWE-476 — NULL Pointer Dereference10 documents7 sources

Severity

8.8HIGHNVD

OSV5.5

EPSS

0.4%

top 37.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphicsmagick Debian Graphicsmagick

Timeline

PublishedAug 23

Latest updateMay 13

Description

In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/graphicsmagick< graphicsmagick 1.3.27-1 (bookworm)

▶Debiangraphicsmagick/graphicsmagick< 1.3.27-1+3

▶Ubuntugraphicsmagick/graphicsmagick< 1.3.23-1ubuntu0.2

▶NVDgraphicsmagick/graphicsmagick1.3.26

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-c83v-95vq-jq7j: In GraphicsMagick 1↗2022-05-13

▶

OSV

graphicsmagick vulnerabilities↗2019-12-02

▶

OSV

CVE-2017-13147: In GraphicsMagick 1↗2017-08-23

▶

📋Vendor Advisories

Ubuntu

GraphicsMagick vulnerabilities↗2019-12-02

▶

Red Hat

audiofile: a NULL pointer dereference in ulaw2linear_buf in G711.cpp in libmodules.a leading to DoS↗2019-06-30

▶

Debian

CVE-2017-13147: graphicsmagick - In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the f...↗2017

▶

💬Community

Bugzilla

CVE-2017-13147 GraphicsMagick: Allocation failure in ReadMNGImage function in coders/png.c [fedora-all]↗2017-08-23

▶

Bugzilla

CVE-2017-13147 GraphicsMagick: Allocation failure in ReadMNGImage function in coders/png.c [epel-all]↗2017-08-23

▶

Bugzilla

CVE-2017-13147 GraphicsMagick: Allocation failure in ReadMNGImage function in coders/png.c↗2017-08-23

▶