First published: Wed Dec 20 2017
In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Graphicsmagick Graphicsmagick | =1.3.27a | |
Debian Debian Linux | =9.0 | |
debian/graphicsmagick | 1.4+really1.3.36+hg16481-2+deb11u1, 1.4+really1.3.40-4, 1.4+really1.3.45-1 | |
The severity of CVE-2017-17783 is high.
CVE-2017-17783 affects GraphicsMagick 1.3.27a.
To fix CVE-2017-17783, update GraphicsMagick to version 1.3.23-1ubuntu0.5 if using Ubuntu, or follow the recommended updates for Debian.
You can find more information about CVE-2017-17783 at the following references: [Reference 1](http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=60932931559a), [Reference 2](https://sourceforge.net/p/graphicsmagick/bugs/529/), [Reference 3](https://www.debian.org/security/2018/dsa-4321).
The Common Weakness Enumeration (CWE) entry for CVE-2017-17783 is CWE-125.