CyberSec.Space Logo
Back to CVE Browser

CVE-2017-16546

HIGH
8.8
CVSS Severity Score
EPSS Score0.1090%
EPSS Percentile37.56th
PublishedNov 5, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.

Affected Platforms (CPE)

πŸ“¦
Imagemagick

Imagemagick

= 7.0.7-9
πŸ’»
Canonical

Ubuntu Linux

= 14.04
πŸ’»
Canonical

Ubuntu Linux

= 16.04
πŸ’»
Canonical

Ubuntu Linux

= 17.10
πŸ’»
Canonical

Ubuntu Linux

= 18.04
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0

References & Advisories

πŸ”— https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53
πŸ”— https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816
πŸ”— https://github.com/ImageMagick/ImageMagick/issues/851
πŸ”— https://usn.ubuntu.com/3681-1/
πŸ”— https://www.debian.org/security/2017/dsa-4040
πŸ”— https://www.debian.org/security/2017/dsa-4074
πŸ”— https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53
πŸ”— https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816

Related Vulnerabilities

CVE-2004-098110.0

Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a ce...

CVE-2017-145329.8

ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.

CVE-2017-131399.8

In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with ...

CVE-2017-141389.8

ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error...