Skip to main content

Graphicsmagick CVE-2017-10799

MEDIUM
Uncontrolled Resource Consumption (CWE-400)
2017-07-03 cve@mitre.org
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 03, 2017 - 01:29 cve.org
MEDIUM 5.5

DescriptionCVE.org

When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().

AnalysisAI

When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Technical ContextAI

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). Affected products include: Graphicsmagick.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

CVE-2017-15277 MEDIUM POC
6.5 Oct 12

ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when proc

CVE-2017-16352 HIGH POC
8.8 Nov 01

GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image dir

CVE-2017-16353 MEDIUM POC
6.5 Nov 01

GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function

CVE-2016-5118 CRITICAL
9.8 Jun 10

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbit

CVE-2019-19951 CRITICAL POC
9.8 Dec 24

In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of cod

CVE-2019-19950 CRITICAL POC
9.8 Dec 24

In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magi

CVE-2019-11005 CRITICAL POC
9.8 Apr 08

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of co

CVE-2019-19953 CRITICAL POC
9.1 Dec 24

In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders

CVE-2019-11006 CRITICAL POC
9.1 Apr 08

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of code

CVE-2017-16669 HIGH POC
8.8 Nov 09

coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow a

CVE-2019-11506 HIGH POC
8.8 Apr 24

In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function

CVE-2019-11505 HIGH POC
8.8 Apr 24

In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function

Share

CVE-2017-10799 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy