Vulnerability Details CVE-2017-13775
GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 7.1
References
- http://hg.code.sf.net/p/graphicsmagick/code/rev/b037d79b6ccd
- http://openwall.com/lists/oss-security/2017/08/31/3
- http://www.securityfocus.com/bid/100570
- https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/
- https://usn.ubuntu.com/4222-1/
- https://www.debian.org/security/2018/dsa-4321
- http://hg.code.sf.net/p/graphicsmagick/code/rev/b037d79b6ccd
- http://openwall.com/lists/oss-security/2017/08/31/3
- http://www.securityfocus.com/bid/100570
- https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/
- https://usn.ubuntu.com/4222-1/
- https://www.debian.org/security/2018/dsa-4321
Products affected by CVE-2017-13775
-
cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.26
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0