Back to search
CVE-2017-11722
Published: Jul 28, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-4321
vendor-advisory
x_refsource_DEBIAN
http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4e
x_refsource_MISC
FEDORA-2019-da4c20882c
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-425a1aa7c9
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now