CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-16545

HIGH
8.8
CVSS Severity Score
EPSS Score0.1420%
EPSS Percentile37.74th
Published2017年11月5日
Last Modified2026年5月13日

Vulnerability Description

The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.

Affected Platforms (CPE)

📦
Graphicsmagick

Graphicsmagick

= 1.3.26

References & Advisories

🔗 http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0
🔗 https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/
🔗 https://sourceforge.net/p/graphicsmagick/bugs/519/
🔗 https://usn.ubuntu.com/4248-1/
🔗 https://www.debian.org/security/2018/dsa-4321
🔗 http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0

関連する脆弱性情報

CVE-2008-607110.0

Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, a...

CVE-2017-116379.8

GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome i...

CVE-2017-111399.8

GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.

CVE-2017-116369.8

GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that hav...