CVE-2017-14103CVE-2017-14103

Affected configuration(s):

cpe:/a:graphicsmagick:graphicsmagick:1.3.26

Date published: 2017-09-01T09:29:00.477-04:00

Date last modified: 2017-09-05T09:18:15.827-04:00

CVSS Score: 6.8

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f

Summary: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.