CVE-2017-6335 — Out-of-bounds Read in Graphicsmagick

CWE-125 — Out-of-bounds Read11 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.5%

top 34.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphicsmagick Debian Graphicsmagick

Timeline

PublishedMar 14

Latest updateMay 14

Description

The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/graphicsmagick< graphicsmagick 1.3.25-8 (bookworm)

▶Debiangraphicsmagick/graphicsmagick< 1.3.25-8+3

▶Ubuntugraphicsmagick/graphicsmagick< 1.3.23-1ubuntu0.2

▶NVDgraphicsmagick/graphicsmagick1.3.25

Patches

Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-fw22-8f9r-x377: The QuantumTransferMode function in coders/tiff↗2022-05-14

▶

OSV

graphicsmagick vulnerabilities↗2019-12-02

▶

OSV

CVE-2017-6335: The QuantumTransferMode function in coders/tiff↗2017-03-14

▶

📋Vendor Advisories

Ubuntu

GraphicsMagick vulnerabilities↗2019-12-02

▶

Red Hat

ImageMagick: Heap out-of-bounds read in tiff.c↗2017-02-23

▶

Debian

CVE-2017-6335: graphicsmagick - The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and e...↗2017

▶

💬Community

Bugzilla

CVE-2017-6335 GraphicsMagick: ImageMagick: Heap out-of-bounds read in tiff.c [fedora-all]↗2017-03-01

▶

Bugzilla

CVE-2017-6335 ImageMagick: Heap out-of-bounds read in tiff.c [fedora-all]↗2017-03-01

▶

Bugzilla

CVE-2017-6335 GraphicsMagick: ImageMagick: Heap out-of-bounds read in tiff.c [epel-all]↗2017-03-01

▶

Bugzilla

CVE-2017-6335 ImageMagick: Heap out-of-bounds read in tiff.c↗2017-03-01

▶