PT-2017-3869 · Graphicsmagick+2 · Graphicsmagick+2

Kirit Sankar Gupta

Publicado

2017-11-04

Atualizado

2020-01-22

CVE-2017-16545

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GraphicsMagick version 1.3.26

Description The issue is related to the ReadWPGImage function in GraphicsMagick, which is vulnerable due to a null pointer dereference. This can be exploited by a remote attacker using a specially crafted WPG file, potentially allowing them to execute arbitrary code. Additionally, the function does not properly validate colormapped images, which can lead to a denial of service, causing the application to crash due to an invalid write.

Recommendations For GraphicsMagick version 1.3.26, consider disabling the ReadWPGImage function in coders/wpg.c as a temporary workaround until a patch is available. Restrict access to processing WPG images to minimize the risk of exploitation. Avoid using the ReadWPGImage function until the issue is resolved.

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

BDU:2019-04110

CVE-2017-16545

DLA-1456-1

DSA-4321-1

DSA-4321-2

OPENSUSE-SU-2017_3223-1

OPENSUSE-SU-2017_3420-1

SUSE-SU-2017:3378-1

SUSE-SU-2017:3388-1

SUSE-SU-2017:3435-1

USN-4248-1

Produtos afetados

Graphicsmagick

Suse

Ubuntu

PT-2017-3869 · Graphicsmagick+2 · Graphicsmagick+2

CVE-2017-16545

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 109