Vulnerability Details CVE-2017-18209
In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.2%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://www.securityfocus.com/bid/103218
- https://github.com/ImageMagick/ImageMagick/issues/790
- https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html
- https://usn.ubuntu.com/3681-1/
- http://www.securityfocus.com/bid/103218
- https://github.com/ImageMagick/ImageMagick/issues/790
- https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html
- https://usn.ubuntu.com/3681-1/
Products affected by CVE-2017-18209
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-0
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-1
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-10
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-11
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-12
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-13
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-14
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-15
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-16
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-17
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-18
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-19
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-2
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-20
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-21
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-22
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-23
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-24
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-25
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-3
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-4
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-5
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-6
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-8
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-9
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7.7
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:17.10
-
cpe:2.3:o:canonical:ubuntu_linux:18.04