CVE-2017-7941 — Missing Release of Resource after Effective Lifetime in Imagemagick

CWE-772 — Missing Release of Resource after Effective Lifetime CWE-460 — Improper Cleanup on Thrown Exception9 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

1.1%

top 22.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick Debian Linux

Timeline

PublishedApr 18

Latest updateMay 13

Description

The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.7.4+dfsg-6 (bookworm)

▶Debianimagemagick/imagemagick< 8:6.9.7.4+dfsg-6+3

▶NVDimagemagick/imagemagick7.0.5-4

Also affects: Debian Linux 8.0, 9.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-3mc7-mrgm-m6rp: The ReadSGIImage function in sgi↗2022-05-13

▶

OSV

CVE-2017-7941: The ReadSGIImage function in sgi↗2017-04-18

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2017-05-30

▶

Red Hat

ImageMagick: Memory leak in ReadSGIImage↗2017-04-17

▶

Debian

CVE-2017-7941: imagemagick - The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attacker...↗2017

▶

💬Community

Bugzilla

CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8352 ImageMagick: various flaws [fedora-all]↗2017-06-26

▶

Bugzilla

CVE-2017-7941 ImageMagick: Memory leak in ReadSGIImage↗2017-04-26

▶

Bugzilla

CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 ImageMagick: various flaws [fedora-all]↗2017-04-26

▶