CVEブラウザに戻る

CVE-2017-16546

HIGH

8.8

CVSS Severity Score

EPSS Score0.1090%

EPSS Percentile37.56th

Published2017年11月5日

Last Modified2026年5月13日

Vulnerability Description

The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.

Affected Platforms (CPE)

📦

Imagemagick

Imagemagick

= 7.0.7-9

💻

Canonical

Ubuntu Linux

= 14.04

💻

Canonical

Ubuntu Linux

= 16.04

💻

Canonical

Ubuntu Linux

= 17.10

💻

Canonical

Ubuntu Linux

= 18.04

💻

Debian

Debian Linux

= 8.0

💻

Debian

Debian Linux

= 9.0

References & Advisories

🔗 https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53

🔗 https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816

🔗 https://github.com/ImageMagick/ImageMagick/issues/851

🔗 https://usn.ubuntu.com/3681-1/

🔗 https://www.debian.org/security/2017/dsa-4040

🔗 https://www.debian.org/security/2017/dsa-4074

🔗 https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53

🔗 https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816

関連する脆弱性情報

CVE-2004-098110.0

Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a ce...

CVE-2017-145329.8

ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.

CVE-2017-131399.8

In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with ...

CVE-2017-141389.8

ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error...