CVE-2017-13737 — Use After Free in Graphicsmagick

CWE-416 — Use After Free8 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

1.8%

top 17.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphicsmagick Debian Graphicsmagick Debian Linux

Timeline

PublishedAug 29

Latest updateMay 14

Description

There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/graphicsmagick< graphicsmagick 1.3.26-15 (bookworm)

▶Debiangraphicsmagick/graphicsmagick< 1.3.26-15+3

▶NVDgraphicsmagick/graphicsmagick1.3.26

Also affects: Debian Linux 8.0, 9.0

Patches

Patch: hg.graphicsmagick.org ↗Patch: hg.graphicsmagick.org ↗

🔴Vulnerability Details

GHSA

GHSA-v5jv-6f5x-646h: There is an invalid free in the MagickFree function in magick/memory↗2022-05-14

▶

OSV

CVE-2017-13737: There is an invalid free in the MagickFree function in magick/memory↗2017-08-29

▶

📋Vendor Advisories

Ubuntu

GraphicsMagick vulnerabilities↗2019-12-16

▶

Debian

CVE-2017-13737: graphicsmagick - There is an invalid free in the MagickFree function in magick/memory.c in Graphi...↗2017

▶

💬Community

Bugzilla

CVE-2017-13737 GraphicsMagick: Invalid free in the MagickFree function↗2017-09-06

▶

Bugzilla

CVE-2017-13736 CVE-2017-13737 CVE-2017-13775 CVE-2017-13776 CVE-2017-13777 CVE-2017-14103 CVE-2017-14165 GraphicsMagick: various flaws [epel-all]↗2017-09-05

▶

Bugzilla

CVE-2017-11638 CVE-2017-11642 CVE-2017-11722 CVE-2017-12935 CVE-2017-12936 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 CVE-2017-13648 CVE-2017-13736 CVE-2017-13737 CVE-2017-13775 ... G↗2017-07-26

▶