Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

CVE-2017-14997 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2017-14997

CVE-2017-14997

MEDIUM6.5

GraphicsMagick 1

Published Oct 3, 2017

Modified 1 years ago

Details

GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.

References

WEB

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=0683f8724200

WEB

http://www.securityfocus.com/bid/101183

WEB

https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html

ADVISORY

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/

ADVISORY

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/

WEB

https://sourceforge.net/p/graphicsmagick/bugs/511/

WEB

https://sourceforge.net/p/graphicsmagick/code/ci/0683f8724200495059606c03f04e0d589b33ebe8/

ADVISORY

https://usn.ubuntu.com/4232-1/

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2017-14997

ADVISORY

https://www.debian.org/security/2018/dsa-4321

CVSS Analysis

CVSS v3.0

6.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedOct 3, 2017

ModifiedAug 5, 2024