Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2017-16352 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Graphicsmagick
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents9 sources
Severity
8.8HIGHNVD
EPSS
31.4%
top 3.21%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedNov 1
Latest updateMay 24
Description
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages3 packages
Also affects: Debian Linux 7.0, 8.0, 9.0
🔴Vulnerability Details
2💥Exploits & PoCs
1📋Vendor Advisories
3📄Research Papers
1arXiv
▶
💬Community
3Bugzilla▶
CVE-2017-16352 ImageMagick: ImageMagick, GraphicsMagick: Heap based buffer over-write in DescribeImage() function of the magick/describe.c or magick/image.c [fedora-all]↗2017-11-10
Bugzilla▶
CVE-2017-16352 ImageMagick, GraphicsMagick: Heap based buffer over-write in DescribeImage() function of the magick/describe.c or magick/image.c↗2017-11-10
Bugzilla▶
CVE-2017-16352 GraphicsMagick: ImageMagick, GraphicsMagick: Heap based buffer over-write in DescribeImage() function of the magick/describe.c or magick/image.c [epel-all]↗2017-11-10