PT-2017-3836 · Graphicsmagick+2 · Graphicsmagick+2

Publicado

2017-07-07

Atualizado

2019-12-02

CVE-2017-11102

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions GraphicsMagick version 1.3.26

Description The issue exists due to insufficient input validation in the ReadOneJNGImage function, located in coders/png.c. This allows a remote attacker to cause a denial of service, resulting in an application crash, by providing a specially crafted JNG file with a zero-length color image data structure.

Recommendations For GraphicsMagick version 1.3.26, consider disabling the ReadOneJNGImage function as a temporary workaround until a patch is available. Restrict access to JNG files to minimize the risk of exploitation. Avoid using the ReadOneJNGImage function for reading JNG files until the issue is resolved.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2019-04042

CVE-2017-11102

DLA-1045-1

DLA-1456-1

DSA-4321-1

DSA-4321-2

SUSE-SU-2018:0413-1

USN-4206-1

Produtos afetados

Graphicsmagick

Suse

Ubuntu

PT-2017-3836 · Graphicsmagick+2 · Graphicsmagick+2

CVE-2017-11102

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 96