PT-2017-3852 · Graphicsmagick+1
Agostino Sarubbo · Published 2017-08-27 · Updated 2018-02-09 · CVE-2017-14103
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
GraphicsMagick version 1.3.26
Description
The issue is related to the use of memory after it has been freed, specifically in the ReadJNGImage and ReadOneJNGImage functions in the coders/png.c file of the GraphicsMagick library. This can be exploited by a remote attacker using a specially crafted file, potentially allowing the execution of arbitrary code. The vulnerability is a result of an incomplete fix for a previous issue and is related to the improper management of image pointers after certain error conditions, as well as an out-of-order CloseBlob call in the ReadMNGImage function.
Recommendations
For GraphicsMagick version 1.3.26, consider disabling the ReadJNGImage and ReadOneJNGImage functions until a patch is available to prevent potential use-after-free attacks. Restrict access to the coders/png.c module to minimize the risk of exploitation. Avoid using the affected functions with untrusted input files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Use After Free
Related Identifiers
Affected Products
Graphicsmagick
Suse
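
The recommendation above to keep untrusted files away from the affected JNG/MNG readers can be enforced with a format gate placed in front of the decoder. The following is an added example, not code from GraphicsMagick or from this advisory; the `ALLOWED` policy and the function names are assumptions. It classifies input by magic bytes rather than by file name, so a JNG or MNG file renamed to `.png` is still refused.

```python
import struct

# Assumed policy for this example: the only formats the service decodes.
ALLOWED = {"PNG", "JPEG", "GIF"}

# Leading magic bytes; the PNG-family values come from the PNG, MNG and JNG specs.
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "PNG"),
    (b"\x8aMNG\r\n\x1a\n", "MNG"),
    (b"\x8bJNG\r\n\x1a\n", "JNG"),
    (b"\xff\xd8\xff", "JPEG"),
    (b"GIF87a", "GIF"),
    (b"GIF89a", "GIF"),
]


def sniff(data: bytes) -> str:
    """Name the container from its magic bytes, never from the file name."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "UNKNOWN"


def chunk_types(data: bytes):
    """Yield chunk names from a PNG-family stream, stopping at truncation."""
    pos = 8  # skip the 8-byte signature
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        yield ctype
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC


def gate(data: bytes):
    """Return (allowed, reason); call this before handing bytes to the decoder."""
    fmt = sniff(data)
    # An MNG stream can carry JNG images (JHDR chunk); name that case for triage.
    if fmt == "MNG" and b"JHDR" in chunk_types(data):
        return False, "MNG with embedded JNG"
    if fmt not in ALLOWED:
        return False, fmt
    return True, fmt


if __name__ == "__main__":
    # Constructed sample: JNG signature plus padding, as if uploaded as photo.png.
    print(gate(b"\x8bJNG\r\n\x1a\n" + b"\x00" * 16))
```

Log the returned reason for rejected uploads; repeated "JNG" or "MNG with embedded JNG" rejections on an endpoint that only expects photos are worth a closer look.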