What is CVE-2017-17504?

CVE-2017-17504 is a vulnerability in ImageMagick that allows a heap-based buffer over-read via a crafted file in the PNG coders/png.c component.

What is the severity of CVE-2017-17504?

The severity of CVE-2017-17504 is medium, with a severity value of 6.5.

Which versions of ImageMagick are affected by CVE-2017-17504?

ImageMagick versions before 7.0.7-12 are affected by CVE-2017-17504.

How can I fix CVE-2017-17504?

To fix CVE-2017-17504, update ImageMagick to version 7.0.7-12 or later.

Where can I find more information about CVE-2017-17504?

You can find more information about CVE-2017-17504 at the following references: [1](https://github.com/ImageMagick/ImageMagick/issues/872), [2](https://www.debian.org/security/2017/dsa-4074), [3](https://lists.debian.org/debian-lts-announce/2018/01/msg00000.html).

Vulnerability/
CVE-2017-17504

medium

6.5

CWE

125

11/12/2017

21/11/2024

CVE-2017-17504

First published: Mon Dec 11 2017(Updated: )

ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
debian/imagemagick	<=8:6.9.7.4+dfsg-11<=8:6.9.7.4+dfsg-16<=8:6.8.9.9-5	8:6.9.9.34+dfsg-1 8:6.8.9.9-5+deb8u12
ImageMagick ImageMagick	<6.9.9-24
ImageMagick ImageMagick	>=7.0.0-0<7.0.7-12
Canonical Ubuntu Linux	=14.04
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=17.10
Canonical Ubuntu Linux	=18.04
Debian Debian Linux	=7.0
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0
debian/imagemagick		8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.39+dfsg1-3

Remedy

https://github.com/ImageMagick/ImageMagick/issues/872

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2017-17504?
CVE-2017-17504 is a vulnerability in ImageMagick that allows a heap-based buffer over-read via a crafted file in the PNG coders/png.c component.
What is the severity of CVE-2017-17504?
The severity of CVE-2017-17504 is medium, with a severity value of 6.5.
Which versions of ImageMagick are affected by CVE-2017-17504?
ImageMagick versions before 7.0.7-12 are affected by CVE-2017-17504.
How can I fix CVE-2017-17504?
To fix CVE-2017-17504, update ImageMagick to version 7.0.7-12 or later.
Where can I find more information about CVE-2017-17504?
You can find more information about CVE-2017-17504 at the following references: [1](https://github.com/ImageMagick/ImageMagick/issues/872), [2](https://www.debian.org/security/2017/dsa-4074), [3](https://lists.debian.org/debian-lts-announce/2018/01/msg00000.html).

collector/debian-bugs
alias/CVE-2017-17504
collector/nvd-index
collector/launchpad-cve
source/Launchpad
agent/type
agent/weakness
agent/severity
agent/author
collector/usn-cve
source/Ubuntu
agent/remedy
agent/references
agent/tags
agent/description
agent/first-publish-date
agent/event
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-cve
source/NVD
agent/last-modified-date
agent/trending
package-manager/debian
vendor/imagemagick
canonical/imagemagick imagemagick
version/imagemagick imagemagick/7.0.0-0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/14.04
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/17.10
version/canonical ubuntu linux/18.04
vendor/debian
canonical/debian debian linux
version/debian debian linux/7.0
version/debian debian linux/8.0
version/debian debian linux/9.0