What is the severity of CVE-2017-13146?

CVE-2017-13146 is classified as having a moderate severity level due to the memory leak vulnerability in ImageMagick.

How do I fix CVE-2017-13146?

To fix CVE-2017-13146, you should upgrade your ImageMagick installation to version 6.9.8-5 or later for the 6.x series or version 7.0.5-6 or later for the 7.x series.

What types of software are affected by CVE-2017-13146?

CVE-2017-13146 affects ImageMagick versions prior to 6.9.8-5 and all versions prior to 7.0.5-6.

Is CVE-2017-13146 exploitable remotely?

CVE-2017-13146 is not typically considered a remote exploit as it requires processing specially crafted images.

What are the potential impacts of CVE-2017-13146?

The potential impacts of CVE-2017-13146 include increased memory consumption which could lead to denial of service in systems running ImageMagick.

Vulnerability/
CVE-2017-13146

high

8.8

CWE

772

28/7/2017

23/8/2017

5/8/2024

CVE-2017-13146

First published: Fri Jul 28 2017(Updated: )

In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
debian/imagemagick	<=8:6.8.9.9-5<=8:6.7.7.10-5+deb7u14<=8:6.8.9.9-5+deb8u8<=8:6.9.7.4+dfsg-13<=8:6.8.9.9-5+deb8u9
ImageMagick ImageMagick	<=6.9.8-4
ImageMagick ImageMagick	=7.0.1-0
ImageMagick ImageMagick	=7.0.1-1
ImageMagick ImageMagick	=7.0.1-2
ImageMagick ImageMagick	=7.0.1-3
ImageMagick ImageMagick	=7.0.1-4
ImageMagick ImageMagick	=7.0.1-5
ImageMagick ImageMagick	=7.0.1-6
ImageMagick ImageMagick	=7.0.1-7
ImageMagick ImageMagick	=7.0.1-8
ImageMagick ImageMagick	=7.0.1-9
ImageMagick ImageMagick	=7.0.1-10
ImageMagick ImageMagick	=7.0.2-0
ImageMagick ImageMagick	=7.0.2-1
ImageMagick ImageMagick	=7.0.2-2
ImageMagick ImageMagick	=7.0.2-3
ImageMagick ImageMagick	=7.0.2-4
ImageMagick ImageMagick	=7.0.2-5
ImageMagick ImageMagick	=7.0.2-6
ImageMagick ImageMagick	=7.0.2-7
ImageMagick ImageMagick	=7.0.2-8
ImageMagick ImageMagick	=7.0.2-9
ImageMagick ImageMagick	=7.0.2-10
ImageMagick ImageMagick	=7.0.3-0
ImageMagick ImageMagick	=7.0.3-1
ImageMagick ImageMagick	=7.0.3-2
ImageMagick ImageMagick	=7.0.3-3
ImageMagick ImageMagick	=7.0.3-4
ImageMagick ImageMagick	=7.0.3-5
ImageMagick ImageMagick	=7.0.3-6
ImageMagick ImageMagick	=7.0.3-7
ImageMagick ImageMagick	=7.0.3-8
ImageMagick ImageMagick	=7.0.3-9
ImageMagick ImageMagick	=7.0.3-10
ImageMagick ImageMagick	=7.0.4-0
ImageMagick ImageMagick	=7.0.4-1
ImageMagick ImageMagick	=7.0.4-2
ImageMagick ImageMagick	=7.0.4-3
ImageMagick ImageMagick	=7.0.4-4
ImageMagick ImageMagick	=7.0.4-5
ImageMagick ImageMagick	=7.0.4-6
ImageMagick ImageMagick	=7.0.4-7
ImageMagick ImageMagick	=7.0.4-8
ImageMagick ImageMagick	=7.0.4-9
ImageMagick ImageMagick	=7.0.4-10
ImageMagick ImageMagick	=7.0.5-0
ImageMagick ImageMagick	=7.0.5-1
ImageMagick ImageMagick	=7.0.5-4
ImageMagick ImageMagick	=7.0.5-5

Remedy

https://github.com/ImageMagick/ImageMagick/commit/79e5dbcdd1fc2f714f9bae548bc55d5073f3ed20

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-13146?
CVE-2017-13146 is classified as having a moderate severity level due to the memory leak vulnerability in ImageMagick.
How do I fix CVE-2017-13146?
To fix CVE-2017-13146, you should upgrade your ImageMagick installation to version 6.9.8-5 or later for the 6.x series or version 7.0.5-6 or later for the 7.x series.
What types of software are affected by CVE-2017-13146?
CVE-2017-13146 affects ImageMagick versions prior to 6.9.8-5 and all versions prior to 7.0.5-6.
Is CVE-2017-13146 exploitable remotely?
CVE-2017-13146 is not typically considered a remote exploit as it requires processing specially crafted images.
What are the potential impacts of CVE-2017-13146?
The potential impacts of CVE-2017-13146 include increased memory consumption which could lead to denial of service in systems running ImageMagick.

collector/nvd-index
agent/type
agent/first-publish-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/references
agent/weakness
agent/remedy
agent/author
agent/description
agent/event
collector/debian-bugs
source/Debian
alias/CVE-2017-13146
agent/software-canonical-lookup
agent/trending
agent/tags
agent/source
vendor/imagemagick
canonical/imagemagick imagemagick
version/imagemagick imagemagick/6.9.8-4
version/imagemagick imagemagick/7.0.1-0
version/imagemagick imagemagick/7.0.1-1
version/imagemagick imagemagick/7.0.1-2
version/imagemagick imagemagick/7.0.1-3
version/imagemagick imagemagick/7.0.1-4
version/imagemagick imagemagick/7.0.1-5
version/imagemagick imagemagick/7.0.1-6
version/imagemagick imagemagick/7.0.1-7
version/imagemagick imagemagick/7.0.1-8
version/imagemagick imagemagick/7.0.1-9
version/imagemagick imagemagick/7.0.1-10
version/imagemagick imagemagick/7.0.2-0
version/imagemagick imagemagick/7.0.2-1
version/imagemagick imagemagick/7.0.2-2
version/imagemagick imagemagick/7.0.2-3
version/imagemagick imagemagick/7.0.2-4
version/imagemagick imagemagick/7.0.2-5
version/imagemagick imagemagick/7.0.2-6
version/imagemagick imagemagick/7.0.2-7
version/imagemagick imagemagick/7.0.2-8
version/imagemagick imagemagick/7.0.2-9
version/imagemagick imagemagick/7.0.2-10
version/imagemagick imagemagick/7.0.3-0
version/imagemagick imagemagick/7.0.3-1
version/imagemagick imagemagick/7.0.3-2
version/imagemagick imagemagick/7.0.3-3
version/imagemagick imagemagick/7.0.3-4
version/imagemagick imagemagick/7.0.3-5
version/imagemagick imagemagick/7.0.3-6
version/imagemagick imagemagick/7.0.3-7
version/imagemagick imagemagick/7.0.3-8
version/imagemagick imagemagick/7.0.3-9
version/imagemagick imagemagick/7.0.3-10
version/imagemagick imagemagick/7.0.4-0
version/imagemagick imagemagick/7.0.4-1
version/imagemagick imagemagick/7.0.4-2
version/imagemagick imagemagick/7.0.4-3
version/imagemagick imagemagick/7.0.4-4
version/imagemagick imagemagick/7.0.4-5
version/imagemagick imagemagick/7.0.4-6
version/imagemagick imagemagick/7.0.4-7
version/imagemagick imagemagick/7.0.4-8
version/imagemagick imagemagick/7.0.4-9
version/imagemagick imagemagick/7.0.4-10
version/imagemagick imagemagick/7.0.5-0
version/imagemagick imagemagick/7.0.5-1
version/imagemagick imagemagick/7.0.5-4
version/imagemagick imagemagick/7.0.5-5
package-manager/debian

CVE-2017-13146

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-13146?

How do I fix CVE-2017-13146?

What types of software are affected by CVE-2017-13146?

Is CVE-2017-13146 exploitable remotely?

What are the potential impacts of CVE-2017-13146?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2017-13146?

How do I fix CVE-2017-13146?

What types of software are affected by CVE-2017-13146?

Is CVE-2017-13146 exploitable remotely?

What are the potential impacts of CVE-2017-13146?