CVE-2017-16352

Name of the Vulnerable Software and Affected Versions GraphicsMagick version 1.3.26

Description The issue is related to a heap-based buffer overflow in the DescribeImage() function of the magick/describe.c file, specifically in the "Display visual image directory" feature. This can be triggered by running the identify command on a specially crafted MIFF format file with the verbose flag. Additionally, the vulnerability is caused by a buffer overflow in the ReadOneJNGImage function of the coders/png.c file, which can allow a remote attacker to execute arbitrary code.

Recommendations For GraphicsMagick version 1.3.26, consider disabling the DescribeImage() function or restricting the use of the identify command with the verbose flag until a patch is available. As a temporary workaround, avoid using the ReadOneJNGImage function in the coders/png.c file to minimize the risk of exploitation.