First published: Tue Aug 22 2017(Updated: )
GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Graphicsmagick Graphicsmagick | =1.3.26 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
debian/graphicsmagick | 1.4+really1.3.36+hg16481-2+deb11u1 1.4+really1.3.40-4 1.4+really1.3.45-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2017-13064 is medium with a severity value of 6.5.
GraphicsMagick 1.3.26 and Debian Linux 8.0 and 9.0 are affected by CVE-2017-13064.
To mitigate CVE-2017-13064, update GraphicsMagick to version 1.4+really1.3.35-1~deb10u2 or later.
You can find more information about CVE-2017-13064 at the following references: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a, http://www.securityfocus.com/bid/100474, https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html.
The CWE ID for CVE-2017-13064 is 119.