What is the severity of CVE-2017-14607?

The severity of CVE-2017-14607 is high with a severity value of 8.1.

How does CVE-2017-14607 affect ImageMagick?

CVE-2017-14607 affects ImageMagick 7.0.7-4 Q16.

What is the potential impact of CVE-2017-14607?

The potential impact of CVE-2017-14607 is the disclosure of potentially sensitive memory or application crashes.

How can I fix CVE-2017-14607?

To fix CVE-2017-14607, update ImageMagick to versions 8:6.9.7.4+dfsg-11+deb9u3, 8:6.8.9.9-5+deb8u11, 8:6.9.9.34+dfsg-1 or a higher version provided by the vendor.

Where can I find more information about CVE-2017-14607?

More information about CVE-2017-14607 can be found at the following references: http://www.securityfocus.com/bid/100944, https://github.com/ImageMagick/ImageMagick/issues/765, and https://usn.ubuntu.com/3681-1/

Vulnerability/
CVE-2017-14607

high

8.1

CWE

125

20/9/2017

21/11/2024

CVE-2017-14607

First published: Wed Sep 20 2017(Updated: )

In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
debian/imagemagick	<=8:6.8.9.9-1<=8:6.9.7.4+dfsg-11	8:6.9.7.4+dfsg-11+deb9u3 8:6.8.9.9-5+deb8u11 8:6.9.9.34+dfsg-1
ImageMagick ImageMagick	=7.0.7-4
Canonical Ubuntu Linux	=14.04
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=17.10
Canonical Ubuntu Linux	=18.04
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0
debian/imagemagick		8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.39+dfsg1-3

Remedy

https://github.com/ImageMagick/ImageMagick/issues/765

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-14607?
The severity of CVE-2017-14607 is high with a severity value of 8.1.
How does CVE-2017-14607 affect ImageMagick?
CVE-2017-14607 affects ImageMagick 7.0.7-4 Q16.
What is the potential impact of CVE-2017-14607?
The potential impact of CVE-2017-14607 is the disclosure of potentially sensitive memory or application crashes.
How can I fix CVE-2017-14607?
To fix CVE-2017-14607, update ImageMagick to versions 8:6.9.7.4+dfsg-11+deb9u3, 8:6.8.9.9-5+deb8u11, 8:6.9.9.34+dfsg-1 or a higher version provided by the vendor.
Where can I find more information about CVE-2017-14607?
More information about CVE-2017-14607 can be found at the following references: http://www.securityfocus.com/bid/100944, https://github.com/ImageMagick/ImageMagick/issues/765, and https://usn.ubuntu.com/3681-1/

collector/debian-bugs
alias/CVE-2017-14607
collector/nvd-index
agent/type
collector/launchpad-cve
source/Launchpad
agent/author
agent/severity
agent/weakness
collector/mitre-cve
source/MITRE
collector/usn-cve
source/Ubuntu
agent/references
agent/remedy
agent/tags
agent/description
agent/first-publish-date
agent/event
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
collector/security-tracker-debian
source/Debian
agent/softwarecombine
agent/trending
package-manager/debian
vendor/imagemagick
canonical/imagemagick imagemagick
version/imagemagick imagemagick/7.0.7-4
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/14.04
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/17.10
version/canonical ubuntu linux/18.04
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
version/debian debian linux/9.0