QwikSec

Security Database

CVE

CWE

Training

CVE-2017-16353

Published: Nov 1, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=e4e1c2a581d8

x_refsource_MISC

vdb-entry

x_refsource_BID

exploit

x_refsource_EXPLOIT-DB

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update

mailing-list

x_refsource_MLIST

https://blogs.securiteam.com/index.php/archives/3494

x_refsource_MISC

[debian-lts-announce] 20171103 [SECURITY] [DLA 1159-1] graphicsmagick security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.