What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2017-13134.

What is the severity of CVE-2017-13134?

The severity of CVE-2017-13134 is medium.

Which software versions are affected by CVE-2017-13134?

ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26 are affected by CVE-2017-13134.

How can CVE-2017-13134 be exploited?

CVE-2017-13134 can be exploited by using a crafted file to cause a denial of service.

Is there a fix available for CVE-2017-13134?

Yes, a fix is available. For GraphicsMagick, version 1.3.26-19 is the recommended fix, and for ImageMagick, version 8:6.9.7.4+dfsg-16ubuntu2.2 and 8:6.9.7.4+dfsg-16ubuntu6.2 are the recommended fixes.

Vulnerability/
CVE-2017-13134

medium

6.5

CWE

125

23/8/2017

21/11/2024

CVE-2017-13134

First published: Wed Aug 23 2017(Updated: )

In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
ImageMagick ImageMagick	=7.0.6-6
debian/graphicsmagick		1.4+really1.3.36+hg16481-2+deb11u1 1.4+really1.3.40-4 1.4+really1.3.45-1
debian/imagemagick		8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.39+dfsg1-3

Remedy

https://github.com/ImageMagick/ImageMagick/issues/670

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2017-13134.
What is the severity of CVE-2017-13134?
The severity of CVE-2017-13134 is medium.
Which software versions are affected by CVE-2017-13134?
ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26 are affected by CVE-2017-13134.
How can CVE-2017-13134 be exploited?
CVE-2017-13134 can be exploited by using a crafted file to cause a denial of service.
Is there a fix available for CVE-2017-13134?
Yes, a fix is available. For GraphicsMagick, version 1.3.26-19 is the recommended fix, and for ImageMagick, version 8:6.9.7.4+dfsg-16ubuntu2.2 and 8:6.9.7.4+dfsg-16ubuntu6.2 are the recommended fixes.

collector/debian-bugs
alias/CVE-2017-13134
collector/nvd-index
agent/type
collector/launchpad-cve
source/Launchpad
agent/author
agent/severity
agent/weakness
collector/mitre-cve
source/MITRE
collector/usn-cve
source/Ubuntu
agent/references
agent/remedy
agent/tags
agent/description
agent/first-publish-date
agent/event
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-cve
source/NVD
agent/last-modified-date
agent/trending
vendor/imagemagick
canonical/imagemagick imagemagick
version/imagemagick imagemagick/7.0.6-6
package-manager/debian