PT-2017-3901 · Graphicsmagick+2

Published: 2017-08-24 · Updated: 2019-12-16 · CVE-2017-13776

CVSS v2.0: 7.1 High
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

GraphicsMagick version 1.3.26

Description

The issue is a denial of service in the ReadXBMImage() function, specifically in the "Read hex image data" case when the version is not equal to 10. In that case the reader does not return, which causes large amounts of CPU and memory consumption. The vulnerability is associated with resource exhaustion of the central processor. Exploitation of this issue may allow a remote attacker to cause a denial of service.

Recommendations

For GraphicsMagick version 1.3.26, consider disabling the ReadXBMImage() function as a temporary workaround to minimize the risk of exploitation until a patch is available.

Exploit

Fix

DoS


Weakness Enumeration

Related Identifiers

BDU:2019-04560
BDU:2019-04561
CVE-2017-13776
DLA-1082-1
DLA-1456-1
DSA-4321-1
DSA-4321-2
SUSE-SU-2017:3435-1
USN-4222-1

Affected Products

Graphicsmagick
Suse
Ubuntu