CVE-2017-10794

Name of the Vulnerable Software and Affected Versions GraphicsMagick version 1.3.25

Description The issue is related to a buffer overflow in the dynamic memory of the coders/tiff.c component of the GraphicsMagick library when processing an RGB TIFF picture. This can be exploited by a remote attacker using a specially crafted image file, potentially leading to a denial of service. The buffer overflow is associated with the QuantumTransferMode.

Recommendations For GraphicsMagick version 1.3.25, consider restricting the use of the coders/tiff.c component until a patch is available. As a temporary workaround, avoid using the QuantumTransferMode in the affected coders/tiff.c component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.