CVE-2017-14103Use After Free in Graphicsmagick

CWE-416Use After Free7 documents5 sources
Severity
8.8HIGHNVD
EPSS
1.9%
top 16.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GraphicsmagickDebian Graphicsmagick
Timeline
PublishedSep 1
Latest updateMay 17

Description

The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/graphicsmagick< graphicsmagick 1.3.26-8 (bookworm)
Debiangraphicsmagick/graphicsmagick< 1.3.26-8+3

Patches

Patch: hg.code.sf.netPatch: blogs.gentoo.orgPatch: hg.code.sf.net

🔴Vulnerability Details

2
GHSA
GHSA-f9pv-j3cq-p428: The ReadJNGImage and ReadOneJNGImage functions in coders/png2022-05-17
OSV
CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png2017-09-01

📋Vendor Advisories

1
Debian
CVE-2017-14103: graphicsmagick - The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick...2017

💬Community

3
Bugzilla
CVE-2017-13736 CVE-2017-13737 CVE-2017-13775 CVE-2017-13776 CVE-2017-13777 CVE-2017-14103 CVE-2017-14165 GraphicsMagick: various flaws [epel-all]2017-09-05
Bugzilla
CVE-2017-14103 GraphicsMagick: Use-after-free in ReadJNGImage and ReadOneJNGImage functions in coders/png.c2017-09-05
Bugzilla
CVE-2017-11638 CVE-2017-11642 CVE-2017-11722 CVE-2017-12935 CVE-2017-12936 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 CVE-2017-13648 CVE-2017-13736 CVE-2017-13737 CVE-2017-13775 ... G2017-07-26