CVE-2017-14103
HIGH8.8EPSS 1.1%graphicsmagick - security update
發布日:2017/9/1修改日:2026/4/28
也稱為:DEBIAN-CVE-2017-14103
描述
The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403.
受影響套件(2)
- Debian/graphicsmagickfrom 0, < 1.3.26-8
- Debian/graphicsmagickfrom 0, < 1.3.16-1.1+deb7u10
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |