Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2017-16353 — Out-of-bounds Read in Graphicsmagick
Severity
6.5MEDIUMNVD
EPSS
32.3%
top 3.15%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedNov 1
Latest updateMay 24
Description
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages3 packages
Also affects: Debian Linux 7.0, 8.0, 9.0
🔴Vulnerability Details
2💥Exploits & PoCs
1📋Vendor Advisories
3💬Community
4Bugzilla▶
CVE-2017-16353 GraphicsMagick: ImageMagick, GraphicsMagick: memory information disclosure in DescribeImage function in magick/describe.c [fedora-all]↗2017-11-20
Bugzilla▶
CVE-2017-16353 ImageMagick, GraphicsMagick: memory information disclosure in DescribeImage function in magick/describe.c↗2017-11-10
Bugzilla▶
CVE-2017-16353 ImageMagick: ImageMagick, GraphicsMagick: memory information disclosure in DescribeImage function in magick/describe.c [fedora-all]↗2017-11-10
Bugzilla▶
CVE-2017-16353 GraphicsMagick: ImageMagick, GraphicsMagick: memory information disclosure in DescribeImage function in magick/describe.c [epel-all]↗2017-11-10