CVE-2017-11722

Name of the Vulnerable Software and Affected Versions GraphicsMagick version 1.3.26

Description The issue is related to the WriteOnePNGImage function in the coders/png.c file of the GraphicsMagick library, which is vulnerable to a buffer overflow read in dynamic memory. This can be exploited by a remote attacker using a specially crafted file, potentially leading to a denial of service (out-of-bounds read and application crash). The problem arises from inconsistent control flow in the program, causing a logging statement to execute outside of a loop and resulting in the use of an invalid array index.

Recommendations For GraphicsMagick version 1.3.26, consider disabling the WriteOnePNGImage function as a temporary workaround until a patch is available. Restrict access to the coders/png.c module to minimize the risk of exploitation. Avoid using the GraphicsMagick library to process untrusted or specially crafted files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.