An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations.
References
Link | Resource |
---|---|
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/752c0b41fa32 | Exploit Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html | Mailing List Third Party Advisory |
https://sourceforge.net/p/graphicsmagick/bugs/461/ | Release Notes |
https://usn.ubuntu.com/4266-1/ | |
https://www.debian.org/security/2018/dsa-4321 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2018-03-14 02:29
Updated : 2024-02-04 19:46
NVD link : CVE-2017-18229
Mitre link : CVE-2017-18229
CVE.ORG link : CVE-2017-18229
JSON object : View
Products Affected
debian
- debian_linux
graphicsmagick
- graphicsmagick
CWE
CWE-770
Allocation of Resources Without Limits or Throttling