First published: Wed Jul 26 2017(Updated: )
GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Graphicsmagick Graphicsmagick | =1.3.26 | |
debian/graphicsmagick | 1.4+really1.3.36+hg16481-2+deb11u1 1.4+really1.3.40-4 1.4+really1.3.45-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2017-11643.
The severity of CVE-2017-11643 is critical (9.8).
The affected software for CVE-2017-11643 includes GraphicsMagick versions 1.3.23-1ubuntu0.3, 1.3.18-1ubuntu3.1+, 1.4+really1.3.35-1~deb10u2, 1.4+really1.3.35-1~deb10u3, 1.4+really1.3.36+hg16481-2+deb11u1, 1.4+really1.3.40-4, and 1.4+really1.3.42-1.
To fix CVE-2017-11643, it is recommended to update to a patched version of GraphicsMagick, such as 1.3.23-1ubuntu0.3 or higher.
You can find more information about CVE-2017-11643 at the following references: [1] http://hg.code.sf.net/p/graphicsmagick/code/rev/d00b74315a71, [2] http://www.securityfocus.com/bid/100357, [3] https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html.