CVE-2017-10928
05.07.2017, 11:29
In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ImageMagick |
| ||||||||||||||||||||||
| ImageMagick-config-6-SUSE |
| ||||||||||||||||||||||
| ImageMagick-config-6-upstream |
| ||||||||||||||||||||||
| libMagick++-6_Q16-3 |
| ||||||||||||||||||||||
| libMagickCore-6_Q16-1 |
| ||||||||||||||||||||||
| libMagickCore-6_Q16-1-32bit |
| ||||||||||||||||||||||
| libMagickWand-6_Q16-1 |
|
Common Weakness Enumeration