CVE-2017-18251 — Missing Release of Resource after Effective Lifetime in Imagemagick

CWE-772 — Missing Release of Resource after Effective Lifetime CWE-400 — Uncontrolled Resource Consumption8 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 42.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick Canonical Ubuntu Linux

Timeline

PublishedMar 27

Latest updateMay 13

Description

An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.9.34+dfsg-3 (bookworm)

▶Debianimagemagick/imagemagick< 8:6.9.9.34+dfsg-3+3

▶NVDimagemagick/imagemagick7.0.7

Also affects: Ubuntu Linux 14.04, 16.04, 17.10, 18.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-h932-vm9h-xxph: An issue was discovered in ImageMagick 7↗2022-05-13

▶

OSV

CVE-2017-18251: An issue was discovered in ImageMagick 7↗2018-03-27

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2018-06-12

▶

Red Hat

ImageMagick: memory leak in ReadPCDImage function in coders/pcd.c↗2017-09-30

▶

Debian

CVE-2017-18251: imagemagick - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was fo...↗2017

▶

💬Community

Bugzilla

CVE-2017-18251 ImageMagick: memory leak in ReadPCDImage function in coders/pcd.c↗2018-03-28

▶

Bugzilla

CVE-2017-18250 CVE-2017-18251 CVE-2017-18252 CVE-2017-18253 CVE-2017-18254 CVE-2018-9133 ImageMagick: various flaws [fedora-all]↗2018-03-28

▶