CyberSec.Space Logo
Back to CVE Browser

CVE-2017-14138

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0990%
EPSS Percentile32.90th
PublishedSep 4, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.

Affected Platforms (CPE)

πŸ“¦
Imagemagick

Imagemagick

= 7.0.6-5

References & Advisories

πŸ”— https://github.com/ImageMagick/ImageMagick/issues/639
πŸ”— https://security.gentoo.org/glsa/201711-07
πŸ”— https://github.com/ImageMagick/ImageMagick/issues/639
πŸ”— https://security.gentoo.org/glsa/201711-07

Related Vulnerabilities

CVE-2004-098110.0

Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a ce...

CVE-2017-146249.8

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.

CVE-2017-131399.8

In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with ...

CVE-2017-145329.8

ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.