CVE-2017-13776 — Excessive Iteration in GraphicsMagick
Severity
6.5 MEDIUM (NVD)
EPSS
1.1%
top 22.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 30
Latest update: May 13
Description
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6
Affected Packages: 6 packages
Also affects: Debian Linux 8.0, 9.0
Patches
Vulnerability Details (2)
Vendor Advisories (4)
Microsoft
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits as demonstrated by use of root privileges when privileges of the 0x0 user accou (2020-06-09)
Red Hat
systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits (2020-05-31)
Debian
CVE-2017-13776: graphicsmagick - GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coder... (2017)
Community (3)
Bugzilla
CVE-2017-13736 CVE-2017-13737 CVE-2017-13775 CVE-2017-13776 CVE-2017-13777 CVE-2017-14103 CVE-2017-14165 GraphicsMagick: various flaws [epel-all] (2017-09-05)
Bugzilla
Bugzilla
CVE-2017-11638 CVE-2017-11642 CVE-2017-11722 CVE-2017-12935 CVE-2017-12936 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 CVE-2017-13648 CVE-2017-13736 CVE-2017-13737 CVE-2017-13775 ... G (2017-07-26)