CVE-2017-13132
Multiple vulnerabilities exist in ImageMagick. The vulnerabilities exist in the functions "WritePCXImage", "WriteOneJNGImage", "WritePDFImage", "ReadPSDLayersInternal", "ReadOnePNGImage", "ReadMIFFImage", "ReadMATImage", "ReadJP2Image", "ReadOneMNGImage", "SFWScan", "formatIPTC" and "load_level". Because of missing memory initialization and validation, crafted image files can be used to exploit various memory leaks. A remote, anonymous attacker can thereby gain access to potentially sensitive information and cause a denial-of-service condition. To successfully exploit this vulnerability, the attacker must get the user to upload a modified image file.
EPSS 0.25% · 48.8th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux | |
| Amazon | Amazon Linux 2 | |
| SUSE | SUSE Linux | |
| Debian | Debian Linux | |
| Open Source | Open Source ImageMagick | |
Timeline
- Aug 22, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2024-0171.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0171 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-13141 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-13142 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-13143 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-13144 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-13145 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-13146 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-13131 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-13132 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-13133 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-13134 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-13139 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-13140 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-13062 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-13061 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-13060 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-13059 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-13058 advisory
- https://www.debian.org/security/2017/dsa-4019 advisory
…and 25 more