CVE-2017-14042Improper Restriction of Operations within the Bounds of a Memory Buffer in Graphicsmagick

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources
Severity
6.5MEDIUMNVD
OSV5.5
EPSS
0.4%
top 37.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GraphicsmagickDebian Graphicsmagick
Timeline
PublishedAug 30
Latest updateMay 13

Description

A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

debiandebian/graphicsmagick< graphicsmagick 1.3.26-9 (bookworm)
Debiangraphicsmagick/graphicsmagick< 1.3.26-9+3
Ubuntugraphicsmagick/graphicsmagick< 1.3.23-1ubuntu0.2

Patches

Patch: hg.code.sf.netPatch: blogs.gentoo.orgPatch: hg.code.sf.net

🔴Vulnerability Details

3
GHSA
GHSA-m5q2-75v9-r9fr: A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm2022-05-13
OSV
graphicsmagick vulnerabilities2019-12-02
OSV
CVE-2017-14042: A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm2017-08-30

📋Vendor Advisories

2
Ubuntu
GraphicsMagick vulnerabilities2019-12-02
Debian
CVE-2017-14042: graphicsmagick - A memory allocation failure was discovered in the ReadPNMImage function in coder...2017

💬Community

2
Bugzilla
CVE-2017-12935 CVE-2017-12936 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 CVE-2017-13648 CVE-2017-14042 GraphicsMagick: Multiple vulnerabilities2017-08-31
Bugzilla
CVE-2017-11638 CVE-2017-11642 CVE-2017-11722 CVE-2017-12935 CVE-2017-12936 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 CVE-2017-13648 CVE-2017-14042 CVE-2017-14314 GraphicsMagick: vari2017-07-26