CVE-2017-13736 — Missing Release of Resource after Effective Lifetime in Graphicsmagick

CWE-772 — Missing Release of Resource after Effective Lifetime7 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.7%

top 27.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphicsmagick Debian Graphicsmagick

Timeline

PublishedAug 29

Latest updateMay 13

Description

There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/graphicsmagick

▶NVDgraphicsmagick/graphicsmagick1.3.26

🔴Vulnerability Details

GHSA

GHSA-h38q-p5gr-8r5r: There are lots of memory leaks in the GMCommand function in magick/command↗2022-05-13

▶

OSV

CVE-2017-13736: There are lots of memory leaks in the GMCommand function in magick/command↗2017-08-29

▶

📋Vendor Advisories

Debian

CVE-2017-13736: graphicsmagick - There are lots of memory leaks in the GMCommand function in magick/command.c in ...↗2017

▶

💬Community

Bugzilla

CVE-2017-13736 GraphicsMagick: Memory leaks in the GMCommand function↗2017-09-06

▶

Bugzilla

CVE-2017-13736 CVE-2017-13737 CVE-2017-13775 CVE-2017-13776 CVE-2017-13777 CVE-2017-14103 CVE-2017-14165 GraphicsMagick: various flaws [epel-all]↗2017-09-05

▶

Bugzilla

CVE-2017-11638 CVE-2017-11642 CVE-2017-11722 CVE-2017-12935 CVE-2017-12936 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 CVE-2017-13648 CVE-2017-13736 CVE-2017-13737 CVE-2017-13775 ... G↗2017-07-26

▶