CVE-2017-17913

Name of the Vulnerable Software and Affected Versions GraphicsMagick version 1.4 snapshot-20171217 Q8

Description The issue is related to a stack-based buffer over-read in the WriteWEBPImage function in coders/webp.c, which is caused by an incompatibility with libwebp versions 0.5.0 and later that use a different structure type. This could potentially allow a remote attacker to execute arbitrary code due to a buffer overflow error.

Recommendations For GraphicsMagick version 1.4 snapshot-20171217 Q8, consider disabling the WriteWEBPImage function in coders/webp.c as a temporary workaround until a patch is available. Restrict access to the webp.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.