What is CVE-2017-14224?

CVE-2017-14224 is a heap-based buffer overflow vulnerability in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16.

How can CVE-2017-14224 be exploited?

CVE-2017-14224 can be exploited by remote attackers to cause a denial of service or execute arbitrary code by using a crafted file.

Which software versions are affected by CVE-2017-14224?

ImageMagick versions 7.0.6-8 and 8:6.9.7.4+dfsg-16ubuntu2.2, 8:6.9.7.4+dfsg-16ubuntu6.2, 8:6.9.9.34+dfsg-3, 8:6.8.9.9-7ubuntu5.11, and 8:6.7.7.10-6ubuntu3.11 are affected by CVE-2017-14224.

What is the severity of CVE-2017-14224?

CVE-2017-14224 has a severity rating of 8.8 (high).

How can I fix CVE-2017-14224?

To fix CVE-2017-14224, update to version 8:6.9.10.23+dfsg-2.1+deb10u1, 8:6.9.10.23+dfsg-2.1+deb10u5, 8:6.9.11.60+dfsg-1.3+deb11u1, 8:6.9.11.60+dfsg-1.6, or 8:6.9.12.98+dfsg1-2 of the ImageMagick software.

Vulnerability/
CVE-2017-14224

high

8.8

CWE

119

9/9/2017

21/11/2024

CVE-2017-14224: Buffer Overflow

First published: Sat Sep 09 2017(Updated: )

A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
ImageMagick ImageMagick	=7.0.6-8
debian/imagemagick		8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.39+dfsg1-3

Remedy

https://github.com/ImageMagick/ImageMagick/issues/733

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2017-14224?
CVE-2017-14224 is a heap-based buffer overflow vulnerability in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16.
How can CVE-2017-14224 be exploited?
CVE-2017-14224 can be exploited by remote attackers to cause a denial of service or execute arbitrary code by using a crafted file.
Which software versions are affected by CVE-2017-14224?
ImageMagick versions 7.0.6-8 and 8:6.9.7.4+dfsg-16ubuntu2.2, 8:6.9.7.4+dfsg-16ubuntu6.2, 8:6.9.9.34+dfsg-3, 8:6.8.9.9-7ubuntu5.11, and 8:6.7.7.10-6ubuntu3.11 are affected by CVE-2017-14224.
What is the severity of CVE-2017-14224?
CVE-2017-14224 has a severity rating of 8.8 (high).
How can I fix CVE-2017-14224?
To fix CVE-2017-14224, update to version 8:6.9.10.23+dfsg-2.1+deb10u1, 8:6.9.10.23+dfsg-2.1+deb10u5, 8:6.9.11.60+dfsg-1.3+deb11u1, 8:6.9.11.60+dfsg-1.6, or 8:6.9.12.98+dfsg1-2 of the ImageMagick software.

collector/debian-bugs
alias/CVE-2017-14224
collector/nvd-index
agent/type
collector/launchpad-cve
source/Launchpad
agent/author
agent/severity
agent/weakness
collector/mitre-cve
source/MITRE
collector/usn-cve
source/Ubuntu
agent/remedy
agent/references
agent/event
agent/description
agent/tags
agent/first-publish-date
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
collector/security-tracker-debian
source/Debian
agent/softwarecombine
agent/trending
vendor/imagemagick
canonical/imagemagick imagemagick
version/imagemagick imagemagick/7.0.6-8
package-manager/debian