First published: Tue Aug 22 2017(Updated: )
GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Graphicsmagick Graphicsmagick | =1.3.26 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
debian/graphicsmagick | 1.4+really1.3.36+hg16481-2+deb11u1 1.4+really1.3.40-4 1.4+really1.3.45-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2017-13065.
The severity of CVE-2017-13065 is medium with a score of 6.5.
The vulnerability CVE-2017-13065 affects GraphicsMagick version 1.3.26.
To fix CVE-2017-13065, update GraphicsMagick to version 1.4+really1.3.35-1~deb10u2 or higher.
You can find more information about CVE-2017-13065 at the following references: [Reference 1](http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a), [Reference 2](https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html), [Reference 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/)