Vulnerability Details CVE-2017-18211
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.securityfocus.com/bid/103220
- https://github.com/ImageMagick/ImageMagick/issues/792
- https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html
- https://usn.ubuntu.com/3681-1/
- http://www.securityfocus.com/bid/103220
- https://github.com/ImageMagick/ImageMagick/issues/792
- https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html
- https://usn.ubuntu.com/3681-1/
Products affected by CVE-2017-18211
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-0
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-1
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-10
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-11
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-12
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-13
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-14
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-15
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-16
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-17
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-18
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-19
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-2
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-20
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-21
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-22
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-23
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-24
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-25
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-3
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-4
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-5
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-6
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-8
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-9
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7.7
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:17.10
-
cpe:2.3:o:canonical:ubuntu_linux:18.04