Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2017-16352

CVE-2017-16352

HIGH8.8

GraphicsMagick 1

Published Nov 1, 2017

Modified 1 years ago

Details

GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.

References

ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/snapshots/ChangeLog.txt

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=7292230dd185

http://www.securityfocus.com/bid/101658

https://blogs.securiteam.com/index.php/archives/3494

https://lists.debian.org/debian-lts-announce/2017/11/msg00002.html

https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html

https://usn.ubuntu.com/4232-1/

https://www.cve.org/CVERecord?id=CVE-2017-16352

https://www.debian.org/security/2018/dsa-4321

https://www.exploit-db.com/exploits/43111/

CVSS Analysis

CVSS v3.0

8.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedNov 1, 2017

ModifiedAug 5, 2024

CVE-2017-16352 | Mondoo Vulnerability Intelligence