What is CVE-2017-14989?

CVE-2017-14989 is a use-after-free vulnerability in ImageMagick 7.0.7-4 Q16.

How does CVE-2017-14989 affect ImageMagick?

CVE-2017-14989 allows attackers to crash ImageMagick by exploiting a use-after-free vulnerability in the RenderFreetype function in MagickCore/annotate.c.

What is the severity of CVE-2017-14989?

The severity of CVE-2017-14989 is medium (CVSS score of 6.5).

How can I fix CVE-2017-14989 in ImageMagick?

To fix CVE-2017-14989 in ImageMagick, you should update to version 8:6.9.7.4+dfsg-16ubuntu2.2 (for Ubuntu) or version 8:6.9.7.4+dfsg-16ubuntu6.2 (for Ubuntu Bionic), or apply the appropriate remedy provided by the source (Ubuntu or Debian).

Where can I find more information about CVE-2017-14989?

You can find more information about CVE-2017-14989 on the GitHub page (https://github.com/ImageMagick/ImageMagick/issues/781), Ubuntu Security Notice (https://usn.ubuntu.com/3681-1/), and Debian Security Advisory (https://www.debian.org/security/2017/dsa-4032)

Vulnerability/
CVE-2017-14989

medium

6.5

CWE

416

3/10/2017

21/11/2024

CVE-2017-14989: Use After Free

First published: Tue Oct 03 2017(Updated: )

A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
ImageMagick ImageMagick	=7.0.7-4
debian/imagemagick		8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.39+dfsg1-3

Remedy

https://github.com/ImageMagick/ImageMagick/issues/781

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2017-14989?
CVE-2017-14989 is a use-after-free vulnerability in ImageMagick 7.0.7-4 Q16.
How does CVE-2017-14989 affect ImageMagick?
CVE-2017-14989 allows attackers to crash ImageMagick by exploiting a use-after-free vulnerability in the RenderFreetype function in MagickCore/annotate.c.
What is the severity of CVE-2017-14989?
The severity of CVE-2017-14989 is medium (CVSS score of 6.5).
How can I fix CVE-2017-14989 in ImageMagick?
To fix CVE-2017-14989 in ImageMagick, you should update to version 8:6.9.7.4+dfsg-16ubuntu2.2 (for Ubuntu) or version 8:6.9.7.4+dfsg-16ubuntu6.2 (for Ubuntu Bionic), or apply the appropriate remedy provided by the source (Ubuntu or Debian).
Where can I find more information about CVE-2017-14989?
You can find more information about CVE-2017-14989 on the GitHub page (https://github.com/ImageMagick/ImageMagick/issues/781), Ubuntu Security Notice (https://usn.ubuntu.com/3681-1/), and Debian Security Advisory (https://www.debian.org/security/2017/dsa-4032)

collector/debian-bugs
alias/CVE-2017-14989
collector/nvd-index
agent/type
collector/launchpad-cve
source/Launchpad
agent/author
agent/severity
agent/weakness
collector/usn-cve
source/Ubuntu
agent/remedy
agent/references
agent/tags
agent/description
agent/first-publish-date
agent/event
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-cve
source/NVD
agent/last-modified-date
agent/trending
vendor/imagemagick
canonical/imagemagick imagemagick
version/imagemagick imagemagick/7.0.7-4
package-manager/debian