Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian LTS Advisory ([SECURITY] [DLA 1082-1] graphicsmagick security update)

Information

Severity

Severity

High

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.1

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

4 years ago

Modified

Modified

3 years ago

Summary

CVE-2017-13776 CVE-2017-13777 denial of service issue in ReadXBMImage() CVE-2017-12935 The ReadMNGImage function in coders/png.c mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. CVE-2017-12936 The ReadWMFImage function in coders/wmf.c has a use-after-free issue for data associated with exception reporting. CVE-2017-12937 The ReadSUNImage function in coders/sun.c has a colormap heap-based buffer over-read. CVE-2017-13063 CVE-2017-13064 heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c CVE-2017-13065 NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c

Affected Software

Affected Software

graphicsmagick on Debian Linux

Detection Method

Detection Method

This check tests the installed software version using the apt package manager.

Solution

Solution

For Debian 7 'Wheezy', these problems have been fixed in version 1.3.16-1.1+deb7u9. We recommend that you upgrade your graphicsmagick packages.