First published: Tue Mar 27 2018
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allows remote attackers to cause a denial of service via a crafted file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ImageMagick ImageMagick | =7.0.7 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =17.10 | |
Canonical Ubuntu Linux | =18.04 | |
IBM Data Risk Manager | <=2.0.6 | |
debian/imagemagick | 8:6.9.11.60+dfsg-1.3+deb11u4, 8:6.9.11.60+dfsg-1.3+deb11u3, 8:6.9.11.60+dfsg-1.6+deb12u2, 8:6.9.11.60+dfsg-1.6+deb12u1, 8:7.1.1.39+dfsg1-3 |
The vulnerability ID for this issue is CVE-2017-18254.
The affected software includes IBM Data Risk Manager, ImageMagick on Ubuntu, and ImageMagick on Debian.
The severity of CVE-2017-18254 is medium with a CVSS score of 6.5.
To fix CVE-2017-18254, you can apply the respective patches provided by the vendors, such as IBM, Ubuntu, and Debian, or upgrade to the recommended versions of ImageMagick.
You can find more information about CVE-2017-18254 on the GitHub page of ImageMagick, Ubuntu security notices, and the CVE/CWE details.