What is the vulnerability ID for this ImageMagick vulnerability?

The vulnerability ID for this ImageMagick vulnerability is CVE-2017-14249.

What is the severity of CVE-2017-14249?

The severity of CVE-2017-14249 is medium.

What is the affected software version of CVE-2017-14249?

The affected software versions of CVE-2017-14249 are ImageMagick 7.0.6-8 Q16, 8:6.9.7.4+dfsg-16ubuntu2.2, 8:6.9.7.4+dfsg-16ubuntu6.2, 8:6.9.9.34+dfsg-3, 8:6.8.9.9-7ubuntu5.11, 8:6.7.7.10-6ubuntu3.11.

How can a remote attacker exploit CVE-2017-14249?

A remote attacker can exploit CVE-2017-14249 by sending a crafted file to the vulnerable application.

Are there any known remedies for CVE-2017-14249?

Yes, there are known remedies for CVE-2017-14249. For Ubuntu, the remedies are versions 8:6.9.7.4+dfsg-16ubuntu2.2, 8:6.9.7.4+dfsg-16ubuntu6.2, 8:6.9.9.34+dfsg-3, 8:6.8.9.9-7ubuntu5.11, and 8:6.7.7.10-6ubuntu3.11. For Debian, the remedies are versions 8:6.9.10.23+dfsg-2.1+deb10u1, 8:6.9.10.23+dfsg-2.1+deb10u5, 8:6.9.11.60+dfsg-1.3+deb11u1, 8:6.9.11.60+dfsg-1.6, and 8:6.9.12.98+dfsg1-2.

Vulnerability/
CVE-2017-14249

medium

6.5

CWE

369

11/9/2017

21/11/2024

CVE-2017-14249: Divide by Zero

First published: Mon Sep 11 2017(Updated: )

ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
ImageMagick ImageMagick	=7.0.6-8
debian/imagemagick		8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.39+dfsg1-3

Remedy

https://github.com/ImageMagick/ImageMagick/issues/708

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this ImageMagick vulnerability?
The vulnerability ID for this ImageMagick vulnerability is CVE-2017-14249.
What is the severity of CVE-2017-14249?
The severity of CVE-2017-14249 is medium.
What is the affected software version of CVE-2017-14249?
The affected software versions of CVE-2017-14249 are ImageMagick 7.0.6-8 Q16, 8:6.9.7.4+dfsg-16ubuntu2.2, 8:6.9.7.4+dfsg-16ubuntu6.2, 8:6.9.9.34+dfsg-3, 8:6.8.9.9-7ubuntu5.11, 8:6.7.7.10-6ubuntu3.11.
How can a remote attacker exploit CVE-2017-14249?
A remote attacker can exploit CVE-2017-14249 by sending a crafted file to the vulnerable application.
Are there any known remedies for CVE-2017-14249?
Yes, there are known remedies for CVE-2017-14249. For Ubuntu, the remedies are versions 8:6.9.7.4+dfsg-16ubuntu2.2, 8:6.9.7.4+dfsg-16ubuntu6.2, 8:6.9.9.34+dfsg-3, 8:6.8.9.9-7ubuntu5.11, and 8:6.7.7.10-6ubuntu3.11. For Debian, the remedies are versions 8:6.9.10.23+dfsg-2.1+deb10u1, 8:6.9.10.23+dfsg-2.1+deb10u5, 8:6.9.11.60+dfsg-1.3+deb11u1, 8:6.9.11.60+dfsg-1.6, and 8:6.9.12.98+dfsg1-2.

collector/nvd-index
agent/type
collector/launchpad-cve
source/Launchpad
agent/author
agent/severity
agent/weakness
collector/mitre-cve
source/MITRE
collector/usn-cve
source/Ubuntu
agent/references
agent/remedy
agent/first-publish-date
agent/tags
agent/description
agent/event
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
collector/security-tracker-debian
source/Debian
agent/softwarecombine
agent/trending
vendor/imagemagick
canonical/imagemagick imagemagick
version/imagemagick imagemagick/7.0.6-8
package-manager/debian