CVE-2017-17884
First published: Sun Dec 24 2017(Updated: )
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ImageMagick ImageMagick | =7.0.7-16 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =17.10 | |
| Canonical Ubuntu Linux | =18.04 | |
| debian/imagemagick | 8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.39+dfsg1-3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/ImageMagick/ImageMagick/issues/902
- https://usn.ubuntu.com/3681-1/
- https://launchpad.net/bugs/cve/CVE-2017-17884
- https://github.com/ImageMagick/ImageMagick/commit/4d6accd355119d54429a86a1859b8329f0130f30
- https://github.com/ImageMagick/ImageMagick/commit/82f20a898107a9c1ef6ad2024c4b191719b294ea
- https://security-tracker.debian.org/tracker/CVE-2017-17884
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17884
- https://nvd.nist.gov/vuln/detail/CVE-2017-17884
- https://ubuntu.com/security/CVE-2017-17884
Frequently Asked Questions
What is the vulnerability ID of this ImageMagick vulnerability?
The vulnerability ID is CVE-2017-17884.
What is the severity level of CVE-2017-17884?
The severity level of CVE-2017-17884 is medium, with a severity value of 6.5.
How does the vulnerability in ImageMagick 7.0.7-16 Q16 affect the software?
The vulnerability in ImageMagick 7.0.7-16 Q16 allows attackers to cause a denial of service via a crafted PNG image file.
Which versions of Ubuntu are affected by this ImageMagick vulnerability?
The versions of Ubuntu affected by this ImageMagick vulnerability are Trusty (14.04), Artful (17.10), and Bionic (18.04).
How can I fix CVE-2017-17884 in ImageMagick?
To fix CVE-2017-17884 in ImageMagick, you should update to version 8:6.7.7.10-6ubuntu3.11 (for Trusty), 8:6.9.7.4+dfsg-16ubuntu2.2 (for Artful), or 8:6.9.7.4+dfsg-16ubuntu6.2 (for Bionic).
- collector/nvd-index
- collector/launchpad-cve
- source/Launchpad
- agent/type
- agent/author
- agent/weakness
- agent/severity
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/tags
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/last-modified-date
- agent/trending
- vendor/imagemagick
- canonical/imagemagick imagemagick
- version/imagemagick imagemagick/7.0.7-16
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/17.10
- version/canonical ubuntu linux/18.04
- package-manager/debian