CVE-2017-14103

The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403.
Configurations

Configuration 1 (hide)

cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.26:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-09-01 13:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-14103

Mitre link : CVE-2017-14103

CVE.ORG link : CVE-2017-14103


JSON object : View

Products Affected

graphicsmagick

  • graphicsmagick
CWE
CWE-416

Use After Free