CVE-2017-16547

Name of the Vulnerable Software and Affected Versions GraphicsMagick version 1.3.26

Description The issue is related to the DrawImage function in magick/render.c, which does not properly handle push and pop keywords, allowing remote attackers to cause a denial of service or possibly have other unspecified impacts via a crafted file. This can lead to a negative strncpy and application crash. The vulnerability exists due to insufficient input validation, potentially affecting the confidentiality, integrity, and availability of protected information.

Recommendations For GraphicsMagick version 1.3.26, consider disabling the DrawImage function in magick/render.c as a temporary workaround until a patch is available. Restrict the use of crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.